mcp-cloudflare

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill includes Browser Rendering tools that fetch arbitrary URLs (get_url_html_content, get_url_markdown, get_url_screenshot) and container sandbox steps that clone/run arbitrary repos, so the agent ingest and interprets untrusted public web content and repositories as part of its workflows (see the "Browser Rendering (Page Capture)" tools and scenario examples 5, 6, and 18).