stitch-loop
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to execute `npx serve`, enabling the agent to host a local web server for visual verification of generated HTML content.
- [PROMPT_INJECTION]: The skill implements an autonomous loop that reads instructions from a local file (`.stitch/next-prompt.md`). This creates a surface for indirect prompt injection, as the agent's behavior is directed by the contents of this file in each iteration.
  - Ingestion points: Task prompts are read from `.stitch/next-prompt.md` at the start of the execution protocol.
  - Boundary markers: The skill uses YAML frontmatter to separate parameters from the prompt body, though it lacks explicit delimiters to prevent the agent from obeying instructions embedded within the prompt content itself.
  - Capability inventory: The agent has access to Stitch MCP for code generation, Chrome MCP for browser-based testing, and filesystem write access.
  - Sanitization: No content validation or sanitization is performed on the prompt data retrieved from the local filesystem.