stitch-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs users to copy their Stitch API key into CLI commands and configuration files (e.g., --header "X-Goog-Api-Key: YOUR-API-KEY" and JSON/TOML snippets), which would require an agent to insert and therefore output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The orchestrator explicitly calls the remote Stitch MCP (stitch.googleapis.com) and downloads generated screens/files from storage.googleapis.com as part of the required setup and Step 5 workflow, meaning the agent ingests and acts on untrusted third-party content (downloaded HTML/screens) that could contain instructions influencing subsequent tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs installing the stitch-kit plugin from https://github.com/gabelul/stitch-kit.git at runtime (via /plugin marketplace add), which fetches and installs external skills/agent code that execute and control agent prompts and is required for the skill to work.