gpt-image2

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill makes outbound calls to configurable OpenAI‑compatible gateways (POST /images/generations and /images/edits in scripts/gpt-image2.mjs) and to ImgBB via scripts/imgbb-upload.mjs, downloads image URLs returned by those services, and explicitly prints/returns API response fields such as revised_prompt and the full response body (see saveImages, parseApiResponse, and the README/SKILL.md agent workflow), so untrusted third‑party responses can be read and used by an agent and could therefore inject indirect instructions.