alicloud-ai-multimodal-qwen-ocr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts arbitrary HTTPS (or data/local) image URLs (see SKILL.md request parameter "image" and scripts/prepare_ocr_request.py) and sends those external images to Qwen OCR for text extraction, so untrusted third-party content embedded in images could be read and influence downstream agent behavior.