cloudflare-r2

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Worker examples explicitly read and parse R2 object contents (e.g., references/api.md shows await object.text() / object.json()) and the docs describe public buckets and presigned-URL/browser uploads (SKILL.md and references/presigned-urls.md), meaning the agent can fetch and interpret untrusted, user-provided content from public R2 buckets.