cloudflare-agents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports browsing and scraping arbitrary third‑party URLs — see SKILL.md "Browse the Web" and templates/browser-agent.ts (endpoints like POST /scrape, /batch-scrape and extractDataWithAI) which fetch page HTML/text provided at runtime and pass it into AI/extraction workflows, exposing the agent to untrusted user-generated web content that can materially influence decisions.