stitch-uviewpro-components

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to call Stitch MCP (stitch-mcp-get-screen) and download/parse the screen HTML from htmlCode.downloadUrl (see "Retrieval and Networking" and "Execution Steps" in SKILL.md), meaning it ingests arbitrary Stitch project/screen HTML (third-party/user-generated) which the agent must read and act on to generate code, so untrusted content can influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly calls Stitch MCP to obtain an htmlCode.downloadUrl and at runtime runs scripts/fetch-stitch.sh to curl that URL (e.g. the example Stitch design URL https://stitch.withgoogle.com/projects/3492931393329678076?node-id=375b1aadc9cb45209bee8ad4f69af450 which yields an htmlCode.downloadUrl), and the fetched HTML is parsed and injected into the agent’s generation pipeline so remote content directly controls prompts/output.