stitch-mcp-get-screen

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill communicates with 'stitch.google.com', which is a subdomain of a well-known and trusted organization (Google). All network operations described target this trusted infrastructure.
  • [SAFE]: File system access via 'Read' and 'Write' tools is appropriately constrained to the local skill context for loading design contracts and component definitions (e.g., 'skills/stitch-uviewpro-components/'). No evidence of accessing sensitive system files or credentials was found.
  • [PROMPT_INJECTION]: The skill processes external HTML data which presents a surface for indirect prompt injection. This risk is inherent to the skill's primary function of code conversion and is mitigated by the trusted nature of the data source.
      • Ingestion points: Screen HTML retrieved via the 'get_screen' tool.
      • Boundary markers: None explicitly defined in the instructions.
      • Capability inventory: Includes MCP tool execution ('stitch*:*') and file system operations ('Read', 'Write').
      • Sanitization: No sanitization of ingested code is specified in the conversion logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 08:32 AM