cloudflare

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill exposes the agent to untrusted third-party web content via its browser rendering tools (get_url_html_content, get_url_markdown, get_url_screenshot) and scenarios that fetch arbitrary public URLs (e.g., "Take a screenshot of https://my-site.com" and "Convert an online error page to markdown"), meaning the agent will read and interpret public/user-provided pages.