Skills
skills/partme-ai/full-stack-skills/stitch-vue-layui-components/Gen Agent Trust Hub

stitch-vue-layui-components

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill includes a scripts/fetch-stitch.sh script that utilizes curl to download design assets from Stitch-provided URLs. This is an expected functional requirement for design conversion.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute local utility scripts and recommends standard npm install for project dependencies. No malicious command execution patterns were identified.
  • [PROMPT_INJECTION]: The skill processes external HTML data from the Stitch MCP tool, creating an indirect prompt injection surface.
  • Ingestion points: Design metadata and HTML downloaded via stitch-mcp-get-screen (SKILL.md).
  • Boundary markers: None present.
  • Capability inventory: Write (component generation), Bash (fetch script execution).
  • Sanitization: None present.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 06:28 AM