stitch-ui-design-spec-layui
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting untrusted user data to generate layout descriptions and component selections.
- Ingestion points: User design requests and provided documents (e.g., PRDs) processed through the 'Selector mode'.
- Boundary markers: The skill uses markdown code blocks and specific headers like [Context], [Layout], and [Components] to delimit output, which provides some protection but is not a complete defense against adversarial input.
- Capability inventory: The skill is allowed to use 'stitch*:*', 'Read', and 'Write' tools, which could be misused if an injection is successful.
- Sanitization: No explicit sanitization or input validation logic is present in the instructions to filter potential malicious instructions within user requests.
Audit Metadata