aliyun-image

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and fetches arbitrary public image URLs (e.g., scripts/client.py translate/edit and the references/image-translate.md and SKILL.md examples that pass image_url like "https://example.com/…"), and those untrusted, user-hosted images are OCR-processed and used to drive translations/edits—meaning third-party content is ingested and can materially influence the model's outputs and subsequent behavior.