I've found that the query you use grabs attachments of posts, but doesn't check if the post is published.
Scenario is a draft post with images or a private page has attachments, these images are indexed in the sitemap.
I've taken a look at the query, and I can't immediately think of a quick fix. Not sure if this is a known bug? Happy to look into it further.