cloudflare-mcp-server

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes runtime code that connects to external, arbitrary MCP servers (e.g., MCPClientManager.connect("https://external-mcp.com/sse")) which "auto-discovers tools, resources, prompts", so the agent will fetch and interpret untrusted third‑party content (tools/prompts) from external servers.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill includes a runtime example that calls manager.connect("https://external-mcp.com/sse") which "auto-discovers tools, resources, prompts" — a clear runtime fetch that can directly supply prompts/instructions to the agent and thus could control agent behavior.