jimeng_mcp_skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and fetches arbitrary public image URLs (see "images"/"file_paths" parameters and the "collect image URL" step in SKILL.md and references/api_reference.md) and uses that untrusted, user-provided content as direct inputs to generation tools (image_composition, image_to_video), so third‑party content can materially influence outputs and thus enables indirect prompt injection risk.