baoyu-imagine

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill accepts and forwards remote http(s) reference-image URLs (see references/providers/dashscope.md stating "passed through if the path is an http(s):// URL"), and the code paths in scripts/main.ts (validateReferenceImages, resolveBatchReferencePath/createTaskArgs, and loadBatchTasks) preserve and pass those external URLs to provider APIs, meaning untrusted public content can be ingested and can materially influence provider selection and generation behavior.