face-swap

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent/CLI to fetch and ingest external media from arbitrary HTTPS URLs (e.g., the runcomfy run examples with "image_url", "audio_url", "reference_video_url", and "images"/"image_urls"), meaning untrusted third-party assets are read as part of the workflow and can materially influence model behavior, creating an indirect prompt-injection risk.