fal-ai-image

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill clearly ingests untrusted third-party content: scripts/edit.sh requires arbitrary --image-urls (public URLs) as reference images and scripts/generate.sh supports --web-search, both of which are sent to the fal.ai model and directly influence generation behavior (see SKILL.md workflow and the scripts), enabling indirect prompt injection via those external sources.