cloudflare-workers-ci-cd

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required CI/CD workflows and scripts (e.g., templates/preview-deployment.yml, templates/github-actions-full.yml, references/deployment-strategies.md, and scripts/verify-deployment.sh) perform curl requests against public preview/worker URLs and parse/act on the responses (health checks, expected body/status) to decide verification, rollbacks, and downstream actions, which means untrusted user-generated HTTP content can materially influence tool decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's CI workflows invoke external GitHub Actions at runtime—most notably cloudflare/wrangler-action@v4 (https://github.com/cloudflare/wrangler-action)—which are fetched and executed by the runner and are required for deployment, so they constitute an external runtime dependency that executes remote code.