cloudflare-workflows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and parses arbitrary external HTTP/webhook JSON (e.g., the /approvals/decide and /workflows/:id/events endpoints and the /webhook/stripe example) and forwards that untrusted user-provided payload into workflows via instance.sendEvent / step.waitForEvent, so the agent will read and act on third-party content.