I mean, having the model behave this way looks too easy and I guess that adobe does qc on the features it releases, so I'm not sure to see an alternative explanation - or adobe's qc is poor/inexistent.
I'm not sure what you mean by compromised but I'm pretty sure Adobe Firefly AI features are server-based. These features are too good to be done locally.
Plus even if it could be done locally, doing it server-side has the side benefit (for Adobe) of making it trivial to prevent pirates from ever being able to use those features.
By compromised I mean something like someone having access to adobe's servers where this is running and uploading troll models or toying with the model's responses
As for whether it can be compromised... Probably? It sends all or some of your photo to a remove server, so that can certainly be taken.