pencil-design-from-stitch-html
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted HTML data from external URLs or user input to drive automated design generation.
  - Ingestion points: HTML code is fetched from `htmlCode.downloadUrl` (provided via Stitch MCP tools) or pasted directly by the user, as outlined in the Retrieval and HTML section of SKILL.md.
  - Boundary markers: The instructions lack explicit delimiters or instructions to ignore potential commands embedded within the HTML content being processed.
  - Capability inventory: The skill has access to powerful tools including `mcp_pencil:batch_design` for modifying design documents, `Bash` for system operations, and `Write` for local file storage.
  - Sanitization: No instructions are provided for sanitizing or validating the DOM tree or Tailwind classes before they are used to generate Pencil design operations.
- [EXTERNAL_DOWNLOADS]: Fetches HTML source code and visual assets from URLs provided by the Stitch MCP server (e.g., stitch.withgoogle.com) to support the conversion process.