Skills
skills/plastikaweb/plastikspace/design-md/Gen Agent Trust Hub

design-md

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill retrieves HTML source code and visual assets from URLs provided by the Stitch MCP server, which resides on well-known Google infrastructure (stitch.withgoogle.com).
  • [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection because it processes untrusted HTML and CSS from user projects.
  • Ingestion points: Content is downloaded via web_fetch from htmlCode.downloadUrl in SKILL.md.
  • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the fetched HTML.
  • Capability inventory: The agent has permissions for Write operations and network access via web_fetch.
  • Sanitization: No sanitization or filtering of the project source code is implemented before the agent extracts design tokens.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 04:08 PM