fal-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill accepts and processes arbitrary public URLs (e.g., the "image_urls" input field in the schema and nodes like "vision-prompt-dest2", the Game Assets workflow nodes such as fal_ai/bytedance/seedream/v4/edit, and Vision LLM nodes using openrouter/router/vision) so the agent will fetch and analyze untrusted third-party content (user-provided/public web images) as part of its workflows.