cloudflare

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill documentation (SKILL.md and references/llms.md) explicitly describes AI Search indexing "documents from R2, websites, or APIs", Browser Rendering endpoints like /scrape and /links, and shows examples using env.AI_SEARCH.search, meaning the agent is expected to fetch and ingest public website content that can directly influence agent outputs and tool use.