cloudflare-workers-ai

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests arbitrary remote content in templates/ai-vision-models.ts (the /vision/url endpoint calls fetch(url) to retrieve a user-supplied public image URL, base64-encodes it, and sends it to the vision LLM), so it reads untrusted third‑party content from the open web as part of its workflow.