stitch-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The generate-design-md workflow explicitly instructs the agent to call get_screen and then use read_url_content to fetch HTML (htmlCode.downloadUrl) and screenshots from project asset URLs and to analyze those user-generated HTML/screenshots to extract colors, geometry, and other tokens that will directly drive design decisions, which exposes the agent to untrusted third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's generate-design-md workflow explicitly fetches runtime assets via screenshot.downloadUrl and htmlCode.downloadUrl (retrieved and fetched with read_url_content) and ingests that remote HTML/screenshot content to synthesize the .stitch/DESIGN.md which is then used to control and enhance prompts, so these runtime download URLs are a high-confidence external dependency.