stitch-design-system

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow explicitly instructs the agent to call Stitch APIs (Step 1.5: get_project → designMd/namedColors) and to download and parse third-party HTML via htmlCode.downloadUrl and screenshot.downloadUrl (Step 1 + bash scripts/fetch-stitch.sh), and it requires using that user-generated design content to generate tokens and feed prompts—so external, untrusted content is read and directly influences subsequent tool use and outputs.