cloudflare-d1

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Worker examples and patterns explicitly read user-generated content at runtime from D1 database rows (e.g., posts/comments returned by templates/d1-worker-queries.ts endpoints like GET /api/posts and GET /api/posts/:slug) and from R2 objects (see "Hybrid D1 + R2 Pattern" in SKILL.md using env.R2_BUCKET.get(...)), so it clearly ingests untrusted third‑party content as part of its workflow.