Loading external images will reveal to the site where it’s loaded from at least these things:
User’s IP
Useragent string
Referrer
Also it can set third-party cookies which can be used to track specific user.
I don’t know if this project processes any of that data, but outside images can be used for tracking purposes.
At least it would be a good idea to limit some of this things for that img tag by setting some attributes that prevent referrer and cookies from being sent.