qwen-image-2-pro

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Image Editing (Style Transfer)" example and the documented "reference_images" input show it ingests arbitrary external image URLs (e.g., https://example.com/person.jpg), meaning the app will fetch and interpret untrusted third‑party content that can materially influence generation and thus enable indirect prompt injection.