wan-2-7

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly says the RunComfy model server fetches user-provided external media (e.g., audio_url and up to 5 reference image/video/voice URLs) and uses them as conditioning for generation (see "Endpoints + input schema" and "Third-party content" / "How it works"), so untrusted third‑party content is ingested and can materially influence the model's behavior.