eliteforge-google-stitch-onboarding

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands for repository initialization (git init) and tech-stack-specific project setup (e.g., package installation and build commands). It also runs included local utility scripts (scripts/stitch_manifest.sh, scripts/coverage_check.sh, and scripts/acceptance_check.sh) to inventory and audit the prototype implementation process.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it reads and processes untrusted content from Google Stitch prototype files (code.html) and external project documentation (prd.md, design.md) to drive code generation and automated testing. While these are necessary for the skill's function, they create a vector for malicious instructions to influence the agent.
    • Ingestion points: Local project documentation files and prototype directories containing code.html and visual assets are read into the agent context (SKILL.md, scripts/stitch_manifest.sh).
    • Boundary markers: There are no explicit instructions or delimiters provided to ensure the agent disregards potential instructions embedded within the ingested prototype data.
    • Capability inventory: The agent is authorized to write project files, execute shell commands for initialization and building, and perform browser-driven integration testing (SKILL.md, references/google-stitch-onboarding-workflow.md).
    • Sanitization: There is no evidence of sanitization or strict validation of the content extracted from prototypes before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 07:53 AM