Skills
skills/teachingai/full-stack-skills/stitch-vue-bootstrap-components/Gen Agent Trust Hub

stitch-vue-bootstrap-components

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches design assets and screen metadata from Google Cloud Storage URLs provided by the Stitch MCP service.
  • [COMMAND_EXECUTION]: Executes a local bash script (scripts/fetch-stitch.sh) to download HTML code via curl. This is used to ensure reliable downloads of design source files.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by processing untrusted HTML content from external design screens.
  • Ingestion points: External HTML content is retrieved via the fetch script and saved to temp/source.html for analysis by the agent.
  • Boundary markers: Not present; the instructions do not define specific delimiters to isolate untrusted input from system instructions.
  • Capability inventory: The agent has access to Bash for command execution and Write for file system modifications.
  • Sanitization: Not present; the skill does not include steps to sanitize or validate the downloaded HTML content before parsing.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 6, 2026, 10:44 AM