idea-stitch

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Command Execution (SAFE): The skill utilizes Python hooks (SessionStart, PreToolUse, PostToolUse) to manage internal state. These scripts are strictly local and perform benign tasks such as parsing project tracking metadata. No arbitrary command execution vulnerabilities were found.
  • Indirect Prompt Injection (SAFE): The skill stores project context in a local file (_tracker.md) and reads it back to provide session updates to the agent. While this is an ingestion point for data, the risk is negligible as the scripts use safe string parsing and the skill lacks network or high-privilege capabilities that could be exploited via injected text.
  • Data Exposure (SAFE): The skill operates entirely on project-related markdown and design files. It does not attempt to access sensitive system files (e.g., SSH keys, env files) or include hardcoded credentials.
  • Unverifiable Dependencies (SAFE): The skill references an external design skill and standard Stitch MCP tools for UI generation. These are treated as legitimate workflow dependencies and do not involve untrusted remote code execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:47 PM