qwencloud-image-generation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill accepts arbitrary external image URLs via the "reference_images"/"reference_image" fields (e.g., examples in SKILL.md and the scripts/image.py → image_lib.build_payload/_resolve_file_url flow) and uploads/consumes those public third‑party images as model inputs, so untrusted user-generated content can be read/interpreted and materially influence generation behavior.