stitch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skills explicitly download and parse user project assets (e.g., design-md and react-components call [prefix]:get_screen and use web_fetch or Bash/curl to download htmlCode.downloadUrl and screenshot.downloadUrl from Stitch MCP Server, and remotion similarly fetches screenshots), which are untrusted, user-provided third-party files that the agent reads and interprets as part of its workflow.