stitch-design-md
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves design assets, such as HTML code and screenshots, from official Stitch domains (stitch.withgoogle.com) via web_fetch. This is the core intended functionality for analyzing design systems and uses a trusted source.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes external HTML and metadata from Stitch projects. While theoretically vulnerable, the risk is negligible as it targets a trusted service and is used for documentation synthesis.
  - Ingestion points: HTML and screenshot download URLs retrieved via Stitch MCP tools.
  - Boundary markers: Absent in the instructions provided to the agent.
  - Capability inventory: Filesystem Write access to generate the DESIGN.md file.
  - Sanitization: No explicit sanitization or escaping of external content is mentioned.