stitch-nextjs-components

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and downloads Stitch project HTML and screenshots from third-party GCS URLs (see SKILL.md Step 1 "Download HTML" using htmlCode.downloadUrl and scripts/fetch-stitch.sh), and those user-provided design assets are read and used to drive component decisions and implementation, meeting the criteria for untrusted content that can influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly downloads design HTML at runtime from the Stitch project's htmlCode.downloadUrl (a GCS URL, fetched via scripts/fetch-stitch.sh) and then uses that fetched content to drive component generation, meaning remote content can directly control the agent's prompts/output.