fal-realtime

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md examples and scripts/realtime.sh accept an arbitrary --lora-url and embed that external URL into the API payload (PAYLOAD -> "loras": [{"path": ...}]), which lets untrusted third‑party LoRA weights hosted on public URLs be fetched/used and materially alter model behavior.