aliyun-qwen-vl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts HTTPS image URLs (SKILL.md "image (string, required): HTTPS URL, local path, or data: URL") and scripts/analyze_image.py's resolve_image_input/build_payload send arbitrary remote image_url content to the Qwen VL model, meaning untrusted public images (which can contain user-generated text/instructions) are ingested and can influence model outputs and subsequent actions.