aliyun-pixverse-generation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md and scripts/prepare_aishi_request.py) accepts arbitrary media URLs via the "media" input (see parse_media in scripts/prepare_aishi_request.py and the image-to-video examples), which are fetched/ingested as untrusted third‑party content and directly influence the model's generation, so external content could carry indirect prompt instructions.