qwencloud-vision

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and sends arbitrary HTTP/HTTPS image and video URLs to the vision models (see "File Input" and examples in SKILL.md and the analyze.py/ocr.py scripts which use resolve_file/http_post to pass external URLs to the model), meaning untrusted third‑party content (public web images/videos) is ingested and interpreted by the agent and can influence subsequent structured outputs, thinking-mode reasoning, or tool-calling behavior.