vue-components
Fail
Audited by Snyk on Mar 10, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The skill explicitly instructs the agent to place the design's download URL value verbatim into a shell command (bash scripts/fetch-stitch.sh "[htmlCode.downloadUrl]" ...). Such URLs can be presigned or contain sensitive tokens, so the LLM would need to output secret values directly.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md retrieval steps and resources/stitch-api-reference.md explicitly require calling get_screen and using htmlCode.downloadUrl / screenshot.downloadUrl (fetched by scripts/fetch-stitch.sh) to download arbitrary design HTML/assets. The agent must parse that content and use it to drive component generation and style decisions, which exposes it to untrusted third-party content that could inject instructions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill runs scripts/fetch-stitch.sh, which calls curl on the runtime-provided htmlCode.downloadUrl (a signed Google Cloud Storage downloadUrl) to retrieve HTML that is parsed and injected into the agent’s generation logic. External content fetched at runtime can therefore directly control the agent's outputs.
Audit Metadata