cloudflare

Warn

Audited by Snyk on Mar 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's references explicitly show ingestion of public/third-party content — e.g., AI Search's website crawler and R2 indexing (references/ai-search/README.md and api.md) and Agents SDK email handlers that read email.text() (references/agents-sdk/api.md and patterns.md) — and those retrieved, user-generated sources are read/interpreted by the agent (aiSearch, onEmail) and can drive follow-up actions (responses, schedules, tool calls), so indirect prompt injection is possible.

Issues (1)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 18, 2026, 01:41 AM
Issues: 1