stitch-ui-design-spec-generator

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for Indirect Prompt Injection (Category 8) because it is designed to process untrusted data from external files and user input.
      • Ingestion points: The skill explicitly reads PRD (Product Requirement Document) files and user-provided summaries using the Read tool.
      • Boundary markers: There are no explicit boundary markers or delimiters defined in the instructions to help the agent distinguish between the user's data and the system's instructions.
      • Capability inventory: The skill is authorized to use Read, Write, and stitch*:* tools, which provides a path for potential unauthorized file system operations if the agent is misled by injected instructions.
      • Sanitization: The logic rules do not specify any sanitization or validation of the input content before extraction of requirements.
  • [NO_CODE]: The skill contains no executable scripts (e.g., Python or JavaScript) or binaries. It relies entirely on markdown-based instructions to guide the agent's behavior, reducing the risk of traditional remote code execution or malware persistence.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 08:32 AM