cloudflare-agents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly includes web-browsing and scraping of arbitrary public URLs (see templates/browser-agent.ts: scrapeUrl, batchScrape, captureScreenshot and extractDataWithAI) and then reads/parses that third-party HTML content (including sending it to an AI model), which clearly ingests untrusted, user-supplied web content into the agent workflow.