stitch-skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a local Python script (
scripts/init_stitch_skill.py) to automate the creation of new skill directories and files. The script performs standard file system operations (mkdir, write_text, shutil.copyfile) within the local environment. Analysis of the script shows it uses strict regex validation for input names and does not execute any external or untrusted code. - [EXTERNAL_DOWNLOADS]: The skill does not perform any network operations or external downloads. All templates and logic are contained within the provided files.
- [PROMPT_INJECTION]: The skill includes instructions to enforce 'Trigger Safety', ensuring the agent only activates the designer workflow when the user explicitly mentions 'Stitch'. These are standard operational constraints and do not attempt to bypass safety filters.
- [DATA_EXFILTRATION]: No patterns associated with sensitive data access or external transmission were detected.
Audit Metadata