cloudflare-workflows

Warn

Audited by Snyk on Mar 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's templates (e.g., templates/workflow-with-events.ts and templates/worker-trigger.ts) explicitly read untrusted external request bodies (await req.json()) and forward them via instance.sendEvent to workflows that use step.waitForEvent to make decisions (e.g., approve/reject, execute actions), so arbitrary third‑party/user content is ingested and can materially change behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill documentation includes explicit, concrete examples integrating with a payment gateway (Stripe). It shows calls like stripe.charges.create and stripe.charges.list, a PaymentWorkflow handling Stripe webhooks, and an idempotency pattern specifically to avoid double charges. These are specific payment APIs (Stripe) rather than generic placeholders, so the skill grants direct financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 03:49 AM