ai-stitch-design-taste

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues detected. The skill's primary functionality is to send user-provided design data to a remote API for analysis.
  • [COMMAND_EXECUTION]: The script scripts/run.py is provided for the user to execute locally to interact with the API. It uses standard Python libraries for networking and parameter handling.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with the vendor's domain ai-skills.ai to execute its logic. It also references external open-source material from skills.sh, which is presented neutrally as the source of the skill's logic.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection attack surface as it processes external content provided by the user.
  • Ingestion points: Data enters the system via materialText, materialUrl, and materialFile fields defined in references/form-schema.json.
  • Boundary markers: None are explicitly specified in the local file instructions.
  • Capability inventory: The skill uses network communication to send data to the provider's API via scripts/run.py.
  • Sanitization: There is no evidence of input validation or sanitization in the provided scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — ai-stitch-design-taste