cloudflare-workflows
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's templates and examples explicitly ingest untrusted, user-provided HTTP/webhook payloads and external API responses (e.g., the /approvals/decide webhook handler that calls instance.sendEvent and step.waitForEvent, and numerous fetch() calls to public APIs like https://api.example.com), which the workflows directly read and act on as part of their runtime logic. A body posted to a webhook endpoint is attacker-controllable unless the handler authenticates the delivery (for example by verifying a signature over the raw body) and validates the fields it uses, and an external API response is only as trustworthy as that API; whatever those bodies contain flows straight into step logic and into any model prompt the workflow builds from them, which is the indirect prompt injection path this finding refers to. The finding concerns the patterns the skill's templates teach, not a confirmed vulnerability in a deployed workflow.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill documentation includes explicit, concrete examples integrating with a payment gateway (Stripe). It shows calls like stripe.charges.create and stripe.charges.list, a PaymentWorkflow handling stripe webhooks, and an idempotency pattern specifically to avoid double charges. These are specific payment APIs (Stripe) rather than generic placeholders, so the skill grants direct financial execution capability.
Audit Metadata