stitch-vue-layui-components

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly retrieves and downloads Stitch screen HTML and screenshots via stitch-mcp-get-screen (htmlCode.downloadUrl / screenshot.downloadUrl) and scripts/fetch-stitch.sh and then parses and maps that user-generated HTML into Vue components as part of its workflow, so untrusted third-party content can influence generation and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs scripts/fetch-stitch.sh which uses curl to download the Stitch screen HTML from the runtime-provided htmlCode.downloadUrl (e.g. a Google Cloud Storage URL passed as "<htmlCode.downloadUrl>") and that fetched HTML is then injected/used to drive the agent's conversion instructions, so this is a runtime external fetch that directly controls the agent's output.