ai-image-editing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and fetches external, user-provided image URLs and remote outputs (e.g., transform_image_fal(image_url) and moderate_image(image_url) which calls SightEngine, plus APIs like Fal/Replicate that ingest/return image URLs), so it ingests untrusted public third-party content as part of its workflow.