stitch-skill-creator
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill serves as a factory for creating structured templates for UI design prompts. It adheres to a 'Design First, Execute Last' philosophy, ensuring that the generated skills only produce text prompts and do not perform unauthorized actions.
- [COMMAND_EXECUTION]: The skill provides and instructs the agent to use a local Python script (
scripts/init_stitch_skill.py) to automate file and directory creation. This script performs validation on the user-provided scenario name using a restrictive regular expression ([a-z0-9]+(?:-[a-z0-9]+)*) to prevent path traversal or command injection via the filename. - [EXTERNAL_DOWNLOADS]: The automation script contains logic to copy a
LICENSE.txtfile from a relative path (../../stitch-ui-designer/LICENSE.txt). This is a local file operation intended to maintain licensing consistency across the ecosystem and does not involve network requests. - [PROMPT_INJECTION]: The skill instructions include clear boundary markers and safety constraints, such as requiring the keyword 'Stitch' to trigger, which helps prevent accidental or malicious activation in unrelated contexts.
Audit Metadata