stitch-sdk-development
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill describes a legitimate development environment for the Stitch SDK, maintained by the vendor google-labs-code.
- [COMMAND_EXECUTION]: Instructions involve running local utility scripts via
bun(e.g.,capture-tools.ts,generate-sdk.ts,validate-generated.ts) to manage the SDK lifecycle. These are standard development tasks within the project's own codebase. - [CREDENTIALS_UNSAFE]: The skill correctly advises using environment variables like
STITCH_API_KEYandSTITCH_ACCESS_TOKENfor managing sensitive credentials, which is an industry-standard security practice. - [EXTERNAL_DOWNLOADS]: References external dependencies from well-known and trusted sources, including
@google/stitch-sdk,@ai-sdk/google, and the Vercel AI SDK (ai).
Audit Metadata