fal-ai-image

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill accepts arbitrary public image URLs via scripts/edit.sh (--image-urls) and can enable web search in scripts/generate.sh, passing those third-party URLs/content to the fal.ai service and downloading/using the results, so the agent ingests untrusted user-provided web content as part of its workflow.