Skills
skills/cloudflare/skills/building-ai-agent-on-cloudflare/Snyk

building-ai-agent-on-cloudflare

Warn

Audited by Snyk on Mar 4, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's references (references/agent-patterns.md) explicitly show runtime fetching/ingesting of third-party content — e.g., ToolAgent.fetch('https://api.weather.com/...'), MCPClientAgent.addMcpServer('https://.../sse'), and RAG ingestDocument()/VECTORIZE queries — and those external results are fed back into AI calls and tool-decision flows, so untrusted third-party content can materially influence agent behavior.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 4, 2026, 02:51 AM