Skills
skills/leonxlnx/stitch-skills/design-md/Gen Agent Trust Hub

design-md

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill uses web_fetch to retrieve project assets like HTML code and screenshots from the Stitch platform. These operations are essential to the skill's primary function of analyzing design tokens and are directed at platform-specific asset URLs.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests and processes external project HTML.
  • Ingestion points: Technical assets (HTML/CSS) are fetched from htmlCode.downloadUrl in SKILL.md.
  • Boundary markers: None; the skill analyzes the full content of the retrieved assets.
  • Capability inventory: Uses web_fetch for network retrieval and Write for generating the DESIGN.md file.
  • Sanitization: None; however, the agent is instructed to treat the input as technical data for token extraction rather than executable instructions, which aligns with its intended use case for design analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 24, 2026, 12:14 AM