enhance-prompt
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains misleading metadata regarding its authorship and origin. Evidence: The metadata in SKILL.md attributes the skill to google-labs-code and the source to google-labs-code/stitch-skills. However, the author context identifies the actual author as oimiragieo. This impersonation of a trusted organization (Google) is a deceptive practice that could cause users to misjudge the skill's safety and authority.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection. Ingestion points: The enhancement pipeline reads project-level configuration files such as DESIGN.md, docs/design-system.md, and tailwind.config.ts, as well as raw user requests. Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the ingested data are present in the enhancement steps. Capability inventory: The skill utilizes Read and Write tools, allowing the agent to access filesystem content and record data to a memory directory. Sanitization: There is no evidence of sanitization or validation of the content retrieved from external files before it is processed by the agent.
Audit Metadata