stitch-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The generate-design-md workflow explicitly instructs the agent to call get_screen to obtain screenshot.downloadUrl and htmlCode.downloadUrl and to use read_url_content / download those HTML assets and screenshots, which the agent must analyze to extract colors, geometry, and other rules that directly influence subsequent design decisions—i.e., it fetches and interprets potentially untrusted third-party/user-provided web content (the downloadUrl HTML/screenshot) as part of its runtime workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's generate-design-md and asset-download workflows explicitly fetch external assets at runtime (e.g., the Stitch MCP-provided htmlCode.downloadUrl and screenshot.downloadUrl via read_url_content / curl) and then analyze that fetched HTML/screenshot to synthesize .stitch/DESIGN.md and inform/enhance prompts, so those runtime URLs can directly control the agent's prompt generation.