flux-image

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). SKILL.md explicitly shows running the inference.sh CLI with arbitrary external resources (e.g., "image_url": "https://your-image.jpg" and editable "lora_url") which the belt/inference.sh apps will fetch from the open web and the model will read/use to influence outputs, so untrusted third‑party content can be ingested and could indirectly inject instructions.