stitch-mcp-get-project
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE]: The skill package is composed entirely of markdown documentation and YAML configuration files, with no executable scripts, binaries, or active code components.
- [EXTERNAL_DOWNLOADS]: The skill references the domain stitch.withgoogle.com for project resource parsing; this is a legitimate endpoint associated with a well-known service.
- [SAFE]: The instruction set includes functional safeguards, such as requiring explicit user mention of 'Stitch' before activation, which limits the risk of the agent misinterpreting context.
- [SAFE]: The skill has a minimal surface for indirect prompt injection as it processes structured project metadata. Ingestion points: project metadata (title, theme) retrieved via the stitch tool. Boundary markers: none specified for tool outputs. Capability inventory: access to stitch, Read, and Write tools. Sanitization: none described, however the risk is negligible given the structured nature of the data.
Audit Metadata