stitch-to-react

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs the agent to embed returned downloadUrl/htmlCode.downloadUrl values directly into shell fetch commands and tool calls (and those URLs can be presigned or contain sensitive tokens), so the LLM may need to output secret-like values verbatim.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill performs runtime fetches of external design artifacts via the Stitch MCP URLs (htmlCode.downloadUrl and screenshot.downloadUrl — e.g., used as "[htmlCode.downloadUrl]" and "[screenshot.downloadUrl]=w{width}" in bash scripts), and the downloaded HTML is parsed to extract Tailwind/config and directly drive code-generation decisions, so these runtime URLs can directly control the agent's prompts/output.