stitch-ui-design-variants
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill contains no executable code or scripts, consisting entirely of Markdown-based instructions and documentation. This mitigates risks associated with remote code execution and system-level command execution.\n- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection via the 'Base Spec' input. While it processes external data without explicit boundary markers or sanitization, the restricted scope of the 'Write' and 'stitch' tools for design generation presents no immediate threat. Evidence chain: 1. Ingestion point: Base Spec parameter in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Write tool and stitch*:* toolset. 4. Sanitization: None defined.\n- [SAFE]: No evidence of obfuscation, data exfiltration, or malicious instructions was found during the analysis.
Audit Metadata