I have to process a feed from a data provider, in this feed they provide us with image URL, currently we download them and store them in our own media server, but I was wonderin
Image URLs can of course point to scripts (with some URL rewriting) but there's no risk to get a script run from an image load. URL data is treated as binary image data, not as runnable text/script.
If it's a script, for your browser it's nothing more than a corrupted image file. So, no code injections risk. At least this is what I know.