seedream

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts arbitrary HTTP/HTTPS image URLs ("支持本地图片和网络URL" in SKILL.md and the example --image "https://example.com/photo.jpg") and provides a --search flag ("联网搜索增强生成" in SKILL.md) that sets payload.enable_online_search = true in scripts/generate_image.js, which causes the service to fetch and incorporate untrusted public web content into generation—thus exposing the agent to untrusted third-party content that can influence behavior.