gpt-imagegen
Warn
Audited by Snyk on May 11, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill accepts arbitrary HTTPS image URLs as required runtime inputs (see SKILL.md step 5: "pass the source file or URL with --image") and the implementation (scripts/generate_image.py: file_part_from_source -> download_url -> validate_https_url/validate_hostname_safety) fetches and ingests those remote images, which are untrusted third-party content that can materially affect generation/editing behavior.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata