design-md

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to download and parse user project assets via htmlCode.downloadUrl and screenshot.downloadUrl using web_fetch/read_url_content (see "Asset download" under Retrieval and Networking), which are user-generated/untrusted Stitch project contents that the agent must read and that directly influence its synthesis and subsequent actions.