qwen-image-2

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md "Image Editing (Multi-Reference)" example shows the app accepting arbitrary external image URLs (reference_images with "uri": "https://example.com/..."), which the service will fetch and the model will read/interpret as part of its editing workflow, allowing untrusted third-party content to materially influence outputs.