qwen-image-2

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts external reference images via the "reference_images" input (see Input Options and the "Image Editing (Multi-Reference)" example with arbitrary URIs), meaning the agent will fetch and interpret untrusted third‑party images that could contain instructions influencing generation.