flux-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation (e.g., rules/i2i-prompting.md, multi-reference-editing.md and SKILL.md/AGENTS.md) explicitly instructs passing arbitrary image URLs to input_image which "the API fetches URLs automatically" and references FLUX.2 [max] grounding search, meaning the agent will fetch and interpret untrusted third-party content (open web images/data) as part of its workflow and those inputs can materially influence generation/editing behavior.