sn-image-imitate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly accepts a reference_image as a local path or URL and (per SKILL.md Step 1 and the Worker Agent workflow) calls sn-image-recognize on that image (and later uses the VLM review outputs from prompts/layout_review.md) to extract long captions, layout blueprints and fix_hints which are then used to rewrite prompts and drive generation—meaning arbitrary user-provided or public-image content fetched from URLs is ingested and directly influences agent behavior.