cloudflare

Warn

Audited by Snyk on Mar 12, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's docs and required workflows explicitly show agents calling AI Search (env.AI.autorag(...).aiSearch) which indexes website content or R2 bucket files (references/ai-search/README.md and api.md) and also fetching tool definitions from external MCP servers (references/agents-sdk/api.md), meaning the agent ingests and acts on potentially untrusted public/third-party content that can influence its tool use and decisions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 12, 2026, 02:09 PM
Issues: 1