stitch-uviewpro-components

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly instructs inserting htmlCode.downloadUrl and screenshot.downloadUrl verbatim into bash commands (and into generated outputs), and those URLs can be signed/contain tokens, so the LLM would need to handle and emit sensitive URL-based secrets.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md "Retrieval and Networking" and "Execution Steps") instructs the agent to call Stitch MCP get_screen and to download and parse htmlCode.downloadUrl (using scripts/fetch-stitch.sh) from public Stitch URLs, so it ingests untrusted third-party HTML/screens that will be interpreted to generate code—enabling indirect prompt injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs at runtime a high-reliability fetch (scripts/fetch-stitch.sh "<htmlCode.downloadUrl>") to download Stitch HTML (e.g. from Stitch/GCS; example Stitch URL: https://stitch.withgoogle.com/projects/3492931393329678076?node-id=375b1aadc9cb45209bee8ad4f69af450) and uses that fetched HTML as the required input that directly drives the agent's conversion/generation logic, so the external htmlCode.downloadUrl is a runtime dependency that controls agent instructions.