runcomfy-cli
Warn
Audited by Snyk on May 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly states that image/audio/video URLs and enable_web_search outputs are treated as untrusted third-party content that the RunComfy model server fetches and can influence generation (see the "Indirect prompt injection (third-party content)" section), so user-provided or web-sourced assets can inject instructions into the model workflow.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).