stitch-ui-design-spec-uview
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill contains instructions for triggering based on keywords like 'uview' and 'Stitch' but lacks any patterns for bypassing safety filters or overriding system instructions.
- [DATA_EXPOSURE_AND_EXFILTRATION]: No credentials, secrets, or sensitive file paths were found. The skill does not perform network operations to exfiltrate data.
- [EXTERNAL_DOWNLOADS]: References to official uView documentation and GitHub repositories are present for context but do not involve automated downloads or script execution.
- [INDIRECT_PROMPT_INJECTION]: The skill processes user requests to generate UI prompts for a downstream tool (Stitch). While this creates an input surface, the risk is mitigated by the use of static templates and limited tool permissions.
  - Ingestion points: User UI design requests in SKILL.md.
  - Boundary markers: Markdown code blocks used for JSON and prompt outputs.
  - Capability inventory: Tools restricted to stitch*:*, Read, and Write.
  - Sanitization: Output is constrained by fixed templates defined in the skill source.