stitch-mcp

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows and instructs embedding API keys in CLI commands and JSON headers (and using STITCH_API_KEY inline), which would require an agent/LLM to accept and then include secret values verbatim in outputs/configs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs agents to ingest external URLs/images (see "Creating a DESIGN.md" → "From existing brand — Provide URL or image; extract palette, typography") and to download screen HTML/images via returned CDN URLs (get_screen / get_screen_code / get_screen_image), meaning arbitrary public web content can be fetched and injected into the AI prompt/context and thus can influence subsequent generation and tool actions.