stitch-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and parses Stitch project HTML and asset URLs from the Stitch MCP (e.g., mcp_stitch_list_screens / mcp_stitch_get_project, screenshot.downloadUrl, and system curl) and then uses that user-provided content to generate DESIGN.md, enhance prompts, and drive autonomous edit/build actions, so untrusted third-party content can materially influence the agent's behavior.