stitch-vue-element-components
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Uses a local shell script (scripts/fetch-stitch.sh) to download design assets via curl. This operation is used to retrieve HTML source code from Stitch or Google Cloud Storage as part of the conversion process.
- [EXTERNAL_DOWNLOADS]: Triggers npm install for project setup and fetches remote HTML files from Stitch services. These are expected behaviors for a tool designed to integrate with external design platforms.
- [PROMPT_INJECTION]: The skill ingests external HTML content retrieved from Stitch via get_screen (Ingestion point: SKILL.md). While no explicit boundary markers or sanitization logic are defined in the instructions, the agent's capability is focused on writing Vue components based on the fetched data (Capability inventory: Bash, Write, Read).
Audit Metadata