stitch-ui-designer
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill defines a workflow that ingests untrusted user data to drive automated tool actions, creating a vulnerability surface.
- Ingestion points: User-provided design requests (e.g., "Design a dashboard for X") are directly passed as arguments to orchestrator tools like stitch-ui-design-spec-generator and stitch-ui-prompt-architect in SKILL.md and references/workflows.md.
- Boundary markers: There are no implementation details or instructions to use delimiters (like XML tags or block quotes) to separate user input from the agent's internal prompt logic.
- Capability inventory: The skill is granted powerful capabilities including stitch*:* (project management and UI generation), Write (file system modification), and web_fetch (external network operations).
- Sanitization: The instructions lack any sanitization, filtering, or validation steps for the user-supplied strings before they are incorporated into the design generation prompt.
- Safety Violation: The workflow explicitly mandates that the agent "ALWAYS execute immediately (no confirmation loop)", which removes the critical safety check of human verification for high-impact tool executions.
Audit Metadata