VLM

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill accepts and processes arbitrary public image URLs (seen in the CLI examples, scripts/vlm.ts, and the Express.js /api/analyze-image endpoint) and passes those untrusted third-party images to zai.chat.completions.createVision for the model to read and interpret.