fal-generate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly accepts arbitrary external media URLs (see "Common Parameters" entries --image-url / --video-url / --audio-url and the "With File Upload" usage), meaning the agent ingests untrusted public/user-provided content as inputs that can influence generation behavior and therefore could enable indirect prompt injection.