stitch-react-components
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a bash script (
scripts/fetch-stitch.sh) to download design files viacurl. This is a utility for the skill's purpose of retrieving external design assets reliably. - [EXTERNAL_DOWNLOADS]: The skill instructs the agent to perform
npm installfor project dependencies and fetches design HTML/screenshots from URLs provided by the Stitch MCP. These actions are transparent and necessary for the stated functionality. - [DATA_EXFILTRATION]: No patterns of data exfiltration were detected. Network operations are limited to downloading assets and managing standard node packages.
- [PROMPT_INJECTION]: The instructions do not contain any patterns aimed at overriding agent behavior or bypassing safety filters.
Audit Metadata