generating-stitch-screens
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill processes untrusted external content from prompt files and uses it to drive agent actions. Evidence:
  1. Ingestion points: reads prompt-v*.md files in WORKFLOW.md Step 2.
  2. Boundary markers: uses '---' and HTML comments as logical separators, which are insufficient to prevent adversarial instructions from hijacking agent logic.
  3. Capability inventory: access to network and file-write operations through MCP tools.
  4. Sanitization: no content sanitization is performed.
- DATA_EXFILTRATION (HIGH): The workflow allows reading from a 'Direct file path' provided as input. If an attacker provides a path to sensitive files (e.g., ~/.ssh/id_rsa), the skill will read the file and send its content to the external Stitch API as a 'prompt', leading to data exposure.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of the third-party MCP server '@_davideast/stitch-mcp', which is not from a trusted source. This dependency increases the attack surface as the tool has local access to the agent's environment.
Recommendations
- AI detected serious security threats
Audit Metadata