qwen-image-2-pro

Warn

Audited by Snyk on May 19, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's Image Editing example and Input Options explicitly accept reference_images as external URIs (for example, a "reference_images" array containing "uri": "https://example.com/person.jpg"). The agent or runtime therefore fetches and ingests arbitrary public images from third-party URLs, and the content of those images can influence generation behavior; that is the indirect prompt injection path this warning covers.
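The practical control for this finding is to stop the runtime from fetching from arbitrary hosts in the first place. The following is an added example, not code from the Snyk audit or from the qwen-image-2-pro skill: it validates the "reference_images" array shape shown in the finding before any fetch happens, enforcing https, an exact host allowlist, no embedded credentials, and public-only DNS resolution (so the same URI field cannot be turned into an SSRF into cloud metadata or internal services), and then magic-byte checks any bytes that are fetched so only raster images are passed on. The allowlisted host cdn.example-internal.test, the size cap, the resolver injection and the fetch callback are all assumptions made for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed deployment policy: the only hosts this runtime may fetch reference images from.
# The finding shows the skill accepting any https URI (e.g. https://example.com/person.jpg);
# this example allowlists a hypothetical internal CDN instead.
ALLOWED_IMAGE_HOSTS = frozenset({"cdn.example-internal.test"})
MAX_IMAGE_BYTES = 10 * 1024 * 1024  # assumption: cap on a single reference image


def default_resolver(host):
    """Resolve a hostname to the set of IP address strings it points at."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_public_address(ip_str):
    """True only for globally routable unicast addresses (blocks SSRF into private ranges)."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False
    return ip.is_global and not ip.is_multicast


def check_uri(uri, allowed_hosts=ALLOWED_IMAGE_HOSTS, resolver=default_resolver):
    """Return (ok, reason). Enforces https, an exact host allowlist, no credentials in the
    URL, the default port, and that every address the host resolves to is public."""
    parts = urlsplit(uri)
    if parts.scheme != "https":
        return False, "scheme must be https"
    if parts.username or parts.password:
        return False, "credentials in URL are not allowed"
    host = (parts.hostname or "").lower()
    if host not in allowed_hosts:
        return False, f"host {host!r} is not on the allowlist"
    try:
        port = parts.port
    except ValueError:
        return False, "invalid port"
    if port not in (None, 443):
        return False, "non-standard port"
    try:
        addrs = resolver(host)
    except OSError as exc:
        return False, f"resolution failed: {exc}"
    if not addrs or not all(is_public_address(a) for a in addrs):
        return False, "host resolves to a non-public address"
    return True, "ok"


def sniff_image(data):
    """Identify a raster format by magic bytes; returns a MIME type or None.
    SVG and other text formats are deliberately not recognised, so they are rejected."""
    if data.startswith(b"\xff\xd8\xff"):
        return "image/jpeg"
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "image/png"
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "image/webp"
    return None


def validate_reference_images(payload, fetch=None, **uri_kwargs):
    """Walk a request payload's "reference_images" array and apply check_uri to each entry.
    If a fetch callable is given it is called for accepted URIs and the returned bytes are
    size-capped and magic-byte checked. Returns (accepted, rejected); rejected holds
    (uri, reason) pairs."""
    accepted, rejected = [], []
    for entry in payload.get("reference_images", []):
        uri = entry.get("uri") if isinstance(entry, dict) else None
        if not isinstance(uri, str):
            rejected.append((repr(entry), "missing or non-string uri"))
            continue
        ok, reason = check_uri(uri, **uri_kwargs)
        if not ok:
            rejected.append((uri, reason))
            continue
        if fetch is not None:
            data = fetch(uri)
            if len(data) > MAX_IMAGE_BYTES:
                rejected.append((uri, "exceeds size cap"))
                continue
            if sniff_image(data) is None:
                rejected.append((uri, "not a recognised raster image"))
                continue
        accepted.append(uri)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed request: the finding's example URI plus one allowlisted host.
    payload = {"reference_images": [
        {"uri": "https://example.com/person.jpg"},
        {"uri": "https://cdn.example-internal.test/ref.png"},
    ]}
    # Stub resolver and fetch so the demo runs offline; real use would pass default_resolver
    # and an HTTP client that already enforces MAX_IMAGE_BYTES while streaming.
    stub_resolver = lambda host: {"93.184.216.34"}
    stub_fetch = lambda uri: b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    print(validate_reference_images(payload, fetch=stub_fetch, resolver=stub_resolver))
```

Resolving the host and checking the addresses before the fetch still leaves a DNS rebinding window; an HTTP client that pins the connection to the checked address (or a fetch proxy with its own egress policy) closes it. Allowlisting the source does not by itself make the image content trustworthy, so the accepted images should still be treated as untrusted input to the model rather than as instructions.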

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires and runs apps via the inference.sh CLI (for example, "belt app run alibaba/qwen-image-2-pro"). At runtime the CLI contacts https://inference.sh and executes app code hosted there, so the external URL is a required runtime dependency whose contents cannot be verified from the skill itself, and whoever controls that endpoint can cause remote code to run on the agent host.
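Because the app code is fetched and executed at runtime, the skill cannot be made fully verifiable from the client side; what a deployment can do is limit what that code gets to see and make sure the local CLI is at least the build that was reviewed. The following is an added example, not code from the Snyk audit, from inference.sh or from the skill: it pins the CLI binary to a SHA-256 digest with a constant-time comparison, accepts only app references shaped like the one in the finding (so nothing option-like or path-like reaches the command line), and hands the process a scrubbed environment with credentials removed. The argv shape mirrors the "belt app run alibaba/qwen-image-2-pro" command quoted above; the binary path, the pinned digest, the environment allowlist and the secret-name pattern are assumptions made for the example.

```python
import hashlib
import hmac
import re

# Assumed policy: environment variables the CLI is allowed to inherit. Everything else is
# dropped so remote app code cannot read cloud credentials or API tokens from the agent.
ENV_ALLOWLIST = frozenset({"PATH", "HOME", "LANG", "TMPDIR"})
# Assumed heuristic for names that must never be passed through, even if allowlisted.
SECRET_NAME = re.compile(r"(TOKEN|SECRET|PASSW(OR)?D|API_?KEY|PRIVATE_?KEY|CREDENTIAL)", re.IGNORECASE)
# Only references shaped like "alibaba/qwen-image-2-pro" are accepted: no leading dashes,
# no slashes beyond the single owner/name separator, no path components.
APP_REF = re.compile(r"^[a-z0-9][a-z0-9._-]*/[a-z0-9][a-z0-9._-]*$")


def looks_secret(name):
    """True if a variable name matches the credential heuristic above."""
    return SECRET_NAME.search(name) is not None


def scrub_env(env, allow=ENV_ALLOWLIST):
    """Keep only allowlisted variables, and never one whose name looks like a credential."""
    return {k: v for k, v in env.items() if k in allow and not looks_secret(k)}


def sha256_hex(data):
    """Hex SHA-256 of the given bytes (the contents of the CLI binary in real use)."""
    return hashlib.sha256(data).hexdigest()


def verify_pin(data, pinned_hex):
    """Constant-time comparison of the binary's digest against the pinned value."""
    return hmac.compare_digest(sha256_hex(data), pinned_hex.lower())


def build_run_command(app_ref, cli_bytes, pinned_hex, cli_path="belt"):
    """Return the argv for the run, or raise if the CLI is not the pinned build or the app
    reference is malformed. The argv shape follows the command quoted in the finding."""
    if not verify_pin(cli_bytes, pinned_hex):
        raise RuntimeError("CLI binary does not match pinned digest; refusing to run")
    if not APP_REF.match(app_ref):
        raise ValueError(f"malformed app reference: {app_ref!r}")
    return [cli_path, "app", "run", app_ref]


if __name__ == "__main__":
    # Constructed demo: a fake CLI body and a digest pinned to it. In real use, read the
    # installed binary (e.g. open("/usr/local/bin/belt", "rb").read()) and keep the pin
    # alongside the skill's own review record, then run with
    # subprocess.run(argv, env=scrub_env(dict(os.environ)), timeout=600, check=True).
    fake_cli = b"constructed stand-in for the belt binary"
    pin = sha256_hex(fake_cli)
    argv = build_run_command("alibaba/qwen-image-2-pro", fake_cli, pin)
    env = scrub_env({"PATH": "/usr/bin", "HOME": "/home/agent", "AWS_SECRET_ACCESS_KEY": "x"})
    print(argv, env)
```

Pinning the CLI only covers the client side of this dependency; the app code fetched from inference.sh is still unverified at the point it runs, so this should be paired with running the CLI on an isolated host or container whose network egress is restricted to inference.sh and which holds no long-lived credentials, which is outside what the block itself can enforce.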

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 19, 2026, 07:48 AM
Issues
2
Security Audit — snyk — qwen-image-2-pro