stitch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The CLI explicitly calls the remote Stitch MCP (e.g., "stitch screen get --include-html --include-image" and tool calls documented in docs/CONTRACT_V1.md) and the code (src/normalize.ts and the createScreenMutationResult/followUp.getCommand behavior) ingests outputComponents and artifact URLs from the Stitch service (user/project-created screens and messages) which the agent is expected to read and which can include follow-up commands or text that materially influence subsequent tool actions.