stitch-vue-vant-components

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls stitch-mcp-get-screen to obtain design JSON and an htmlCode.downloadUrl and instructs the agent to run scripts/fetch-stitch.sh to download and parse that Stitch HTML (and uses screenshot.downloadUrl) so untrusted, user-provided third-party content from Stitch/GCS is ingested and used to drive component-generation decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill runs a runtime fetch (scripts/fetch-stitch.sh uses curl) of the Stitch-provided htmlCode.downloadUrl (and related screenshot.downloadUrl) returned by stitch-mcp:get_screen, and that fetched HTML is a required input that directly drives the agent's generation/mapping of prompts to output, so external content can control the agent's behavior.