story-cover

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts external reference images (路径或 URL) and its Step 3 image-edit API call includes an "image": "${IMAGE_URL}" parameter—meaning the agent will ingest arbitrary user-supplied / public image URLs as part of its generation workflow (references in SKILL.md and the images/edits curl example), which could materially influence generation behavior.