stitch-vue-layui-components
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script `scripts/fetch-stitch.sh` using Bash to handle high-reliability downloads of design files.
- [EXTERNAL_DOWNLOADS]: The skill fetches design metadata and HTML source code from Google Cloud Storage via Stitch MCP URLs (`htmlCode.downloadUrl`).
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests and processes untrusted HTML data from external URLs to generate component code. Evidence:
  1. Ingestion point: `temp/source.html` (downloaded design content);
  2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when the agent processes the fetched HTML;
  3. Capability inventory: The agent has file system write access and bash execution capabilities;
  4. Sanitization: No sanitization or validation of the external HTML content is described before it is used for code generation.
Audit Metadata