image-service

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime code and workflow explicitly accept and analyze external images (scripts/image_to_text.py treats inputs starting with "http" as image URLs and sends them to the vision API) and the required workflows (e.g., references/text-rendering-guide.md and SKILL.md's OCR/verification steps) mandate using that analysis to decide iterations and subsequent image-generation actions, so untrusted public images could carry text/instructions that materially influence tool behavior.