NYC

cloudflare-knowledge

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill includes MCP server/tool examples that fetch and ingest arbitrary external URLs (e.g., the "analyze_image" tool in references/mcp-server-development.md, which runs const response = await fetch(url) and passes the image to env.AI.run), meaning untrusted public web content can be read and interpreted by the agent.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes explicit sudo commands and instructions to install and enable system services (e.g., moving binaries to /usr/local/bin, sudo cloudflared service install, systemctl enable/start), which modify system files and require elevated privileges, so the skill directs actions that change the machine's state.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 10:15 PM