seedream

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's CLI and code explicitly accept arbitrary image URLs (--image) and can enable联网搜索/web search (--web-search) which sets a ContentGenerationTool for web_search in scripts/seedream.py (and SKILL.md documents the web-search option), meaning it fetches untrusted public URLs/content that will be interpreted as part of image-generation workflow and can therefore influence subsequent tool behavior.