aliyun-qwen-image

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts reference_image values that may be HTTP/HTTPS URLs and inserts them into the model messages (see scripts/generate_image.py resolve_reference_image and messages insertion) and the SKILL.md/prompt-guide documents editing workflows that use reference_image, meaning the agent will ingest and act on arbitrary third-party image content supplied via URLs.