stitch-skill-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow (Step 1: Retrieve the design) explicitly instructs calling [prefix]:get_screen and running scripts/fetch-stitch.sh to download HTML from htmlCode.downloadUrl, which is third-party/user-provided HTML that the agent is expected to read and use to drive conversion actions — meeting the criteria for untrusted content that could influence tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly runs a fetch at runtime (bash scripts/fetch-stitch.sh "[htmlCode.downloadUrl]" "temp/source.html") to download external HTML which is then used as the source for conversion/generation, meaning the runtime-fetched content (htmlCode.downloadUrl) can directly control the agent's prompts/outputs.