image-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's CLI accepts network image/video/file URLs (scripts/vision.py --image/--video/--file) and VisionManager._prepare_image_url/ analyze_with_zhipu/analyze_with_qwen pass those arbitrary public URLs (or their fetched data) to external vision LLM APIs, so untrusted third‑party content from arbitrary web locations is ingested and directly influences model outputs.