runware

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill accepts and fetches arbitrary http(s) URLs and external media as part of its runtime (scripts/image.py download_image and cmd_img2img accept input URLs; scripts/video.py download_file and cmd_img2vid accept URL frames) and also downloads imageURL/videoURL returned from the Runware API, which means untrusted third‑party/user‑provided content is ingested and used in the workflow.