nano-banana-edit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md requires supplying "image_urls" (1–20 publicly-fetchable HTTPS URLs) which the RunComfy model server fetches and processes (see the "image_urls" schema and the "Security & Privacy" section that explicitly says external URLs are fetched and that image-based prompt injection is a known risk), so untrusted third-party content can be interpreted and materially influence model behavior.