flux-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and ingest arbitrary external image URLs as reference inputs (e.g., "Preferred: Use URLs directly" and "The API fetches URLs automatically" in the Image-to-Image / Multi-Reference sections, and grounding search in FLUX.2 [max] can pull real‑time web data), so the agent will read untrusted third‑party content supplied via public URLs.