alicloud-ai-image-qwen-image

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill accepts arbitrary http/https reference_image URLs (see scripts/generate_image.py resolve_reference_image and the SKILL.md/References where reference_image is inserted into the ImageGeneration messages), which are fetched/ingested as part of the generation workflow and can influence model output, exposing the agent to untrusted third‑party content.