runpod-serverless-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill dynamically downloads and loads third‑party models and components (e.g., model downloads from huggingface.co, CUSTOM_NODES GitHub URLs, network storage paths in extra_model_paths.yaml) and also loads/executes user-supplied ComfyUI workflow JSON from job["input"]["workflow_path"], so it ingests untrusted, user-generated web content that the agent will read and execute.