fal-qwen-image-edit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly accepts reference images as arbitrary URLs (SKILL.md "reference images ... as local files or URLs") and scripts/generate.mjs will fetch those URLs (isUrl -> image_urls and downloadToFile/fetch), so untrusted third-party image content is ingested and directly influences the model's image-generation workflow.