stitch-loop

[Skill Scanner] Agent capability enumeration detected This Skill is functionally coherent with its stated purpose (an autonomous Stitch-based build loop). It does not contain explicit obfuscated malware or hardcoded credentials in the provided text. However, it contains multiple supply-chain risk patterns: network downloads of generated HTML/assets from an external MCP service, runtime download-and-execute via npx serve, and broad allowed-tool permissions (wildcards, Bash, Chrome) that permit powerful actions. The enforced requirement to update next-prompt.md and orchestration options enable fully autonomous, persistent execution if deployed, which magnifies risk. Recommend restricting allowed tools, validating and sanitizing downloaded HTML (strip or sandbox scripts), pinning and verifying any runtime packages, and requiring manual review before updating the baton or deploying generated pages. LLM verification: [LLM Escalated] This skill's stated purpose and its capabilities are largely aligned: it legitimately reads repo context, calls Stitch MCP to generate pages, downloads generated HTML/images, integrates them into the site, and updates the baton. However, it contains supply-chain risky patterns: downloading remote artifacts without pinned/verified checks, instructions to run runtime installs (npx serve), and agent capability enumeration. These behaviors increase the chance that a compromised MCP service or malici