ai-understanding-images

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documentation and required examples explicitly fetch and process images from arbitrary URLs (e.g., use of dspy.Image.from_url("https://example.com/...") in SKILL.md and examples.md), meaning the agent ingests untrusted, user-provided web content (images) that the vision LLM will read/interpret as part of its workflow and could thus carry instructions that influence downstream decisions.