stitch-ui-design-spec-generator
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface detected in the processing of PRD documents.
- Ingestion points: Reads Product Requirement Documents (PRDs) from provided file paths or user-pasted content as specified in SKILL.md and examples/usage.md.
- Boundary markers: Missing explicit delimiters or instructions to ignore commands embedded within the PRD content.
- Capability inventory: Uses Read, Write, and stitch*:* tools across its operations, which could be abused if an injected instruction is followed by the agent.
- Sanitization: Content from external files is processed and interpolated into design logic without validation or escaping mechanisms.
Audit Metadata