stitch-vue-bootstrap-components
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads HTML design assets from the Stitch platform (Google Cloud Storage) to a local temporary directory for processing.
- [COMMAND_EXECUTION]: Instructs the agent to use shell commands for resource retrieval and project setup, including the execution of the local fetch script and environment initialization with npm.
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection by processing HTML data retrieved from an external source.
  * Ingestion points: temp/source.html (via scripts/fetch-stitch.sh)
  * Boundary markers: Not implemented
  * Capability inventory: Bash execution, file system operations, and network access
  * Sanitization: No explicit validation or sanitization of the fetched HTML content is performed before parsing.
Audit Metadata