enhance-prompt
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Prompt Injection] (MEDIUM): The skill is vulnerable to indirect prompt injection via local file ingestion.
- Ingestion points:
SKILL.mdStep 2 reads the contents ofDESIGN.mdfrom the project directory. - Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands, using only a simple markdown header.
- Capability inventory: The skill is granted
ReadandWritepermissions, allowing it to access local files and write results to the filesystem. - Sanitization: There is no evidence of content sanitization for the ingested design data before interpolation.
- [External Downloads] (MEDIUM): The skill installation utilizes a source organization not included in the trusted list.
- Evidence:
npx add-skill google-labs-code/stitch-skillsfound inREADME.md. - Status: The organization
google-labs-codeis not an exact match for the trustedgoogleorgoogle-geminiorganizations.
Audit Metadata