cloudflare-tunnel-ec2-deployment

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The required deployment steps include "git clone <REPO_URL>" under "Application Deployment", which clearly fetches arbitrary public repository content (untrusted third-party user-generated code) that the workflow builds and runs and therefore can materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The deployment fetches and writes the Cloudflare yum repo at runtime via curl (https://pkg.cloudflare.com/cloudflared.repo) and then runs sudo yum install -y cloudflared, which installs and executes remote package code that the skill relies on.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt instructs creating and modifying system services and users (e.g., installing cloudflared as a systemd service, running sudo systemctl enable, usermod -aG docker, and altering SSH keys/security groups), which are actions that change machine state and can compromise the host if executed by an agent.