fal

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and ingests arbitrary public URLs and third‑party media (see SKILL.md "Option 3: Use any public URL directly" and scripts/generate.sh, scripts/edit-image.sh, scripts/speech-to-text.sh, scripts/upload.sh) and its workflows (references/WORKFLOWS.md) show node outputs feeding later model inputs, so untrusted content (images/audio from the open web) can be processed and drive subsequent actions—enabling indirect prompt injection.