cloudflare-r2

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill ingests and reads arbitrary user-provided objects from R2 (e.g., the upload endpoints and presigned-URL flows that allow clients to PUT files into the bucket and the get()/object.text()/object.json() usage that returns/parses those stored objects), which are untrusted third‑party content the agent will read as part of its workflow.