image-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts an image_url as an input (listed in SKILL.md and tools.ts) and the handler passes that URL into VisionService.analyzeImage (handler.ts), which fetches and processes arbitrary external images from the open web that could contain untrusted/user-generated content capable of embedding instructions that influence agent decisions.