stitch-html-components

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly downloads and ingests user/Project-generated Stitch HTML and assets via the design JSON ([prefix]:get_screen) and GCS download URLs using scripts/fetch-stitch.sh (and also references screenshot.downloadUrl), meaning the agent reads untrusted third-party content that can influence parsing and output generation.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill invokes scripts/fetch-stitch.sh at runtime to download an external Stitch HTML URL (e.g., the GCS download URL represented as "[htmlCode.downloadUrl]" or a https://storage.googleapis.com/... URL), and that fetched HTML is a required input used to drive the conversion logic so it can directly influence the agent's prompts/behavior.