seedance

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill accepts arbitrary HTTP/HTTPS image URLs via the --image flag (see skills.sh options and the embedded Python that sets image_url = image for http(s) inputs and appends {"type":"image_url", ...} to the content sent to the BytePlus API), so untrusted, user-provided third‑party images are ingested and used by the generation workflow.