brand-landingpage
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to manage files and provide visual previews of the generated designs.
  - Evidence: SKILL.md (Phase 3) specifies using the commands open (macOS), xdg-open (Linux), or start (Windows) to open local HTML files in the user's browser.
  - Evidence: SKILL.md (Phase 4) instructs the agent to create a compressed archive of the delivery bundle using the zip -r command.
- [EXTERNAL_DOWNLOADS]: The skill manages external dependencies required for its design generation functionality.
  - Evidence: SKILL.md (Phase 0) directs the agent to verify the presence of the Stitch SDK and install it globally or via a local package manager if it is missing.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface as part of its core design-translation functionality.
  - Ingestion points: User interview responses including product elevator pitches, brand adjectives, and descriptions of user-provided images as detailed in SKILL.md and references/interview-framework.md.
  - Boundary markers: Absent; user input is interpolated directly into the prompt templates described in references/stitch-architecture.md.
  - Capability inventory: Subprocess execution (zip, browser opening), file system access (.stitch/ directory), and network communication (Stitch API).
  - Sanitization: Absent; the skill assumes user input is intended for design translation and does not implement explicit filtering of the conversational input.