stitch-react

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly downloads and parses Stitch-generated HTML from a Stitch MCP download URL (see "Step 1: Stitch 스크린 가져오기" -> htmlCode.downloadUrl and scripts/convert-stitch.ts which calls parseHTML), so it ingests user-generated third-party HTML that the agent reads and uses to drive component generation.