stitch-design-md

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly fetches and ingests user-generated Stitch project assets (via Stitch MCP calls like get_screen/get_project and downloading HTML and screenshots from htmlCode.downloadUrl and screenshot.downloadUrl using web_fetch), and it then analyzes that third-party content to drive prompts and generation decisions, exposing the agent to untrusted content that could carry indirect instructions.