fal-redesign

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's upgrade workflow accepts a URL target (SKILL.md and runtime/bin/fal-site.mjs), screenshots that page and feeds the screenshot/mockup into vision LLMs (runtime/src/mockup.mjs, runtime/src/implement.mjs and related llmVision calls) which produce actionable build-specs that the agent then applies to code — meaning arbitrary public/third‑party page content could be ingested and materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires and calls the fal.ai HTTP API at https://fal.run (e.g. openrouter/router, openrouter/router/vision, fal-ai/gpt-image-2) at runtime to obtain LLM/image outputs which are then used as prompts and to generate HTML/image assets (i.e., fetched content directly controls subsequent prompts and the implementation), making this an external runtime dependency that controls agent behavior.