flux-2-klein

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill accepts arbitrary reference-image/mask/video URLs which the RunComfy model server (model-api.runcomfy.net and related runcomfy hosts) fetches and uses to guide generation—this untrusted third-party content is explicitly part of the runtime workflow and can influence model behavior, enabling indirect (image-based) prompt injection.