cloudflare-r2

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill accepts and serves arbitrary user-provided content (untrusted, user-generated files) via endpoints like /files/:filename, /upload/:filename, presigned upload endpoints, list()/get() calls and even reads object bodies as text/json (e.g., object.text()/object.json()) — exposing the agent to third-party content stored in R2 that it may read/interpret at runtime.