stitch-uview-components
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to execute a local scriptscripts/fetch-stitch.sh. This script is utilized to download HTML source files from URLs provided by the Stitch MCP tool. While it executes shell commands, the behavior is transparent and tied to the skill's core functionality of retrieving design assets. - [EXTERNAL_DOWNLOADS]: The skill performs external network requests via
curlwithin thefetch-stitch.shscript to download design content from Google Cloud Storage. It also references official documentation and component repositories from well-known sources such asuviewui.comand GitHub. These operations are consistent with the intended use case of fetching assets for code generation. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted external data.
- Ingestion points: The
scripts/fetch-stitch.shscript downloads Stitch-generated HTML to a local file (temp/source.html), which the agent then parses to generate Vue code. - Boundary markers: There are no explicit instructions or delimiters defined to ignore potential malicious instructions embedded within the source HTML metadata or comments.
- Capability inventory: The skill possesses
Writecapabilities to create and modify project files andBashcapabilities to execute scripts, which could be leveraged if the agent is manipulated by instructions in the ingested data. - Sanitization: There is no mention of sanitization or validation of the downloaded HTML content before it is processed by the AI for code mapping.
Audit Metadata