stitch-mcp-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documented tools (e.g., build_site, get_screen_code, serve) explicitly fetch HTML/CSS and screenshots from Stitch projects via the Stitch API ("Fetch HTML/CSS for each screen", tool examples and patterns in SKILL.md), which are user-generated/third‑party design content that the agent is expected to read, interpret, and act on (site generation, integration, analysis), so that untrusted content could materially influence agent behavior.