brand-landingpage
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the agent to install the Stitch SDK if missing, referencing documentation from the vendor's domain at https://stitch-design.ai/docs/sdk/ai-sdk. This is a standard setup procedure for the core functionality.
- [COMMAND_EXECUTION]: The skill utilizes common shell commands (zip, open, xdg-open, start) to bundle project files and preview generated HTML content in the browser. These actions are restricted to the project output and support the skill's primary objective.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests user feedback to generate prompts for design generation.
  - Ingestion points: User responses provided during the brand interview phases defined in SKILL.md and references/interview-framework.md.
  - Boundary markers: The workflow includes a mandatory summary confirmation step where the agent must verify the captured brand direction with the user before initiating generation.
  - Capability inventory: Includes filesystem writes to a local .stitch/ directory, dynamic MCP tool calls for design management, and shell execution for project bundling and browser previews.
  - Sanitization: Employs a structured interview framework and an iterative feedback loop that requires manual user approval for each major transition.
Audit Metadata