aliyun-wan-image

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly accepts arbitrary reference_image URLs (SKILL.md "reference_image (string/array, optional) — URL or base64" and the scripts/generate_image.py which appends those URLs into the messages sent to ImageGeneration), thereby ingesting untrusted third-party image content that the model will interpret as part of its workflow and could influence generation behavior.