alicloud-ai-multimodal-qwen-vl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill accepts arbitrary HTTPS image URLs as input (see SKILL.md "image" can be an HTTPS URL and scripts/analyze_image.py's resolve_image_input/build_payload which embed the image_url sent to the Qwen VL model), so untrusted public images are ingested and interpreted by the model and could contain instructions that influence outputs or downstream decisions, enabling indirect prompt injection.