cloudflare
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's Cloudflare AI handler reads arbitrary JSON request bodies (e.g., "const { prompt } = await request.json()") and passes that user-supplied content directly into env.AI.run (and similarly accepts uploaded audio/images for transcription/classification), so it ingests untrusted third‑party/user-generated input that could enable indirect prompt injection.
Audit Metadata