together-images

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and fetches arbitrary public URLs for image inputs and LoRA adapters (see references/api-reference.md "reference_images" and "image_loras", scripts/kontext_editing.py using image_url and download_image, and lora_generation.py pointing to HuggingFace/CivitAI/Replicate URLs), so untrusted third‑party content is ingested and can materially influence generation behavior.