design-md

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Retrieval & Networking steps explicitly instruct the agent to download and parse user-provided HTML and screenshots from the project's htmlCode.downloadUrl and screenshot.downloadUrl (using web_fetch/read_url_content) from Stitch project assets, which are untrusted third-party/user-generated content that the agent must read and use to make design decisions.