cloudflare-workers

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and parses arbitrary user-supplied messages (untrusted third-party content) in the ChatRoom/WebSocket handlers—see ChatRoom.fetch and webSocketMessage which parse JSON from connected clients and broadcast/store that content—so the agent would read and act on external user-generated input.