stitch-uview-components

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches Stitch design HTML via stitch-mcp-get-screen (htmlCode.downloadUrl) and the scripts/fetch-stitch.sh curl command (see SKILL.md and examples/usage.md), and instructs the agent to parse that downloaded HTML and map it to uView components—meaning untrusted, user-generated third-party content is ingested and can materially influence code-generation decisions.