stitch-uview-components

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to call stitch-mcp-get-screen to obtain htmlCode.downloadUrl (and to run scripts/fetch-stitch.sh on that URL) and to parse the downloaded Stitch HTML/screenshot — user-generated design content from external Stitch/GCS URLs — which the agent must read and interpret to drive component mapping and code-generation decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly runs scripts/fetch-stitch.sh at runtime to curl the Stitch-provided htmlCode.downloadUrl (e.g. a Google Cloud Storage URL returned by Stitch MCP) and then consumes that downloaded HTML as the primary input to generate code/components, so the externally fetched content directly controls the agent's output.