cloudflare

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's references explicitly show fetching and interpreting arbitrary third-party web content (e.g., references/browser-rendering/api.md and patterns.md use page.goto(url) and /scrape endpoints to load public sites, references/ai-search/* describe AI Search over Website data sources, and references/agents-sdk/patterns.md shows onEmail/email.text() ingestion), so the agent is expected to read untrusted external content that can influence its actions.