cloudflare-r2

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Workers integration and public-bucket examples explicitly read and return user-provided or public R2 objects (e.g., env.UPLOADS.get(...) in "Download & Streaming" and "Workers Integration", handling formData uploads in "File Upload Handlers", and public access via r2.dev in "Public Buckets"), which clearly ingests untrusted, user-generated third-party content as part of runtime workflows.