baoyu-imagine

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill accepts and forwards http(s) reference-image URLs from arbitrary external sites into the generation workflow (see references/providers/dashscope.md: "http(s):// URLs are forwarded as-is" and scripts/main.ts: isRemoteReferenceImage/resolveBatchReferencePath and validateReferenceImages), so untrusted third‑party content can be ingested and directly influence model outputs and provider selection.