building-mcp-server-on-cloudflare

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly directs the agent to "prefer retrieval over pre-training" and lists public retrieval sources (e.g., developers.cloudflare.com/agents/mcp, modelcontextprotocol.io, developers.cloudflare.com/workers/) and user-generated channels (GitHub discussions, Cloudflare Discord) in its Retrieval Sources and References, so the agent is expected to fetch and act on third-party web content that can change tool configuration and behavior.