image-generation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill fetches model lists and image data from arbitrary provider base_url endpoints configured in agent_config.toml (see scripts/imggen/provider.py: _fetch_openai_models/_fetch_gemini_models and _generate_openai_chat which downloads image_url results), so untrusted third‑party API responses can be ingested and can change control flow (model routing) and trigger further actions (downloading URLs).