cloudflare-workers

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's examples and templates explicitly fetch and ingest external/untrusted content—e.g., proxying/origins with fetch(request), scheduled webhooks to https://api.example.com/webhook, cloning public templates from github.com/cloudflare/templates, and processing user-provided chat messages in the llm-chat-app-template and durable-chat-template—so the agent would read and act on arbitrary third-party/user-generated content.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes explicit instructions and examples that create and install systemd unit/socket files, copy configuration into /etc, and run sudo systemctl enable/start commands (and similar self-hosting setup), which directly modify system state and require elevated privileges.