stitch-vue-element-components

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls Stitch MCP get_screen and instructs the agent to download and parse third-party design HTML and screenshots from htmlCode.downloadUrl (using scripts/fetch-stitch.sh) so it will fetch and interpret untrusted, user-generated content from Stitch/GCS as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs scripts/fetch-stitch.sh to curl the runtime-provided htmlCode.downloadUrl (the Stitch HTML/download URL returned by Stitch MCP) and then uses that fetched HTML/JSON as the input that drives the agent's code-generation prompts, so remote content fetched at runtime directly controls the agent's instructions.