ai-stitch-design-taste
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill's primary functionality is to send user-provided design data to a remote API for analysis.
- [COMMAND_EXECUTION]: The script
scripts/run.pyis provided for the user to execute locally to interact with the API. It uses standard Python libraries for networking and parameter handling. - [EXTERNAL_DOWNLOADS]: The skill communicates with the vendor's domain
ai-skills.aito execute its logic. It also references external open-source material fromskills.sh, which is presented neutrally as the source of the skill's logic. - [PROMPT_INJECTION]: The skill has an indirect prompt injection attack surface as it processes external content provided by the user.
- Ingestion points: Data enters the system via
materialText,materialUrl, andmaterialFilefields defined inreferences/form-schema.json. - Boundary markers: None are explicitly specified in the local file instructions.
- Capability inventory: The skill uses network communication to send data to the provider's API via
scripts/run.py. - Sanitization: There is no evidence of input validation or sanitization in the provided scripts.
Audit Metadata