stitch-mcp-get-screen

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md) instructs the agent to call get_screen and ingest the returned htmlCode.downloadUrl and screenshot.downloadUrl (e.g., https://stitch.google.com/download/...) — i.e., arbitrary user-generated HTML from Stitch — and to parse/transform that HTML into framework code, which means untrusted third-party content is read and can materially influence subsequent tool use and generated actions.