stitch-loop

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE · PROMPT_INJECTION · COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a 'baton' system where it reads next-prompt.md and uses its content to drive the next iteration of code generation. This creates an indirect prompt injection surface where the agent's behavior for the next step is determined by the content of a file it previously wrote or read.
      • Ingestion points: next-prompt.md, DESIGN.md, SITE.md.
      • Boundary markers: None identified; the agent is instructed to parse and use the raw content from the baton file.
      • Capability inventory: Bash (used for npx serve), Write (to update site files and the next baton), and stitch MCP tools (for remote code generation).
      • Sanitization: No sanitization or validation of the ingested prompt content is performed before passing it to the Stitch generation tools.
  • [COMMAND_EXECUTION]: The skill utilizes Bash to run npx serve for local visual verification of the generated website pages.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 08:32 AM