qwen-image

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly shows supplying arbitrary reference_images URIs (see "Image Editing (Multi-Reference)" example with external URLs) which the app/ model ingests and uses to drive edits, so untrusted third‑party content could materially influence generation and thus enable indirect prompt injection.