qwencloud-vision

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and sends arbitrary HTTP/HTTPS image and video URLs (see SKILL.md examples like --request '{"prompt":"What is in this image?","image":"https://example.com/photo.jpg"}' and scripts/analyze.py / scripts/ocr.py which build multimodal content from user-provided URLs via resolve_file/build_content), so untrusted third‑party media can be ingested and interpreted by the model and thus could contain instructions that materially influence agent behavior.