fal-train

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required training flow (scripts/train.sh and SKILL.md) accepts a user-supplied --images-url (sent as "images_data_url" to https://queue.fal.run/$MODEL) which instructs the service to fetch and ingest a publicly hosted ZIP of images (untrusted/user-provided) to train a LoRA that can materially change later model behavior, so third-party content can indirectly influence agent actions.