seedream-image

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill's workflow and scripts explicitly ingest untrusted third-party content: SKILL.md/reference.md state it will "auto-fetch" trending info for time-sensitive prompts and accept/upload external reference images, and generate.py (CLI --image-urls and download_image) downloads arbitrary image URLs which are then used to drive prompt construction and API generation—so public/web content can directly influence agent actions.