workers-dev-experience

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's development utilities explicitly read and expose arbitrary incoming HTTP request data (e.g., inspectBody, inspectRequest/DevLogger.request, and createDebugEndpoints in templates/dev-script.ts) and log/return headers and request bodies, which are untrusted user-generated inputs the agent would ingest and interpret at runtime.