flux-image

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). Most links are documentation and image assets on inference.sh (likely benign), but the explicit instruction to pipe a shell installer from https://cli.inference.sh ("curl ... | sh") is a high‑risk distribution pattern (remote .sh execution) that could be used to deliver malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill accepts and processes arbitrary external resources (e.g., "image_url": "https://your-image.jpg" and user-supplied lora_url in the examples) which the agent will fetch and interpret as part of image-to-image and style workflows, exposing it to untrusted third-party content that could contain embedded instructions.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 03:00 AM