volcengine-ark-image-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's executable script and workflow explicitly accept arbitrary remote reference images (scripts/generate-image.mjs supports --image with http/https URLs and SKILL.md/references/request-examples.md describe single-reference image workflows), meaning untrusted third-party image content can be ingested and used to influence model prompts/decisions.