Skills
skills/delorenj/skills/fal-text-to-image/Snyk

fal-text-to-image

Warn

Audited by Snyk on Mar 31, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill accepts arbitrary external image URLs/paths as inputs (see the CLI arguments like input_image / -i reference image in SKILL.md and the prepare_image_input functions in fal-image-remix, fal-image-edit, and fal-text-to-image that return or upload http(s) URLs), so untrusted third-party content (public/user-hosted images) is ingested and fed into model runs where that content can influence generation and model selection.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 31, 2026, 11:50 AM
Issues
1