stitch-ui-designer
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill defines an automated workflow that utilizes MCP tools such as create_project and generate_screen_from_text. It directs the agent to execute these commands immediately without user confirmation loops to maintain a 'Flow-first' design experience.
- [EXTERNAL_DOWNLOADS]: The workflow involves retrieving design constraints and specifications from external design contract tools (e.g., stitch-ui-design-spec-uview). This is used to inject platform-specific requirements into the final design generation prompt.
- [PROMPT_INJECTION]: The skill processes user-provided design requests through several internal tools (like stitch-ui-prompt-architect) before executing generation commands. This workflow represents a surface for indirect prompt injection where untrusted user input can influence the parameters of subsequent tool calls.
  - Ingestion points: User design requests processed in SKILL.md.
  - Boundary markers: None explicitly specified for isolating user-provided text within the tool execution flow.
  - Capability inventory: Access to project management, screen generation, file system (Read/Write), and web fetching tools.
  - Sanitization: No explicit validation or sanitization of user input is described prior to its use in prompt assembly.
Audit Metadata