cloudflare-deploy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly ingests untrusted third-party content: references/agents-sdk/api.md and patterns.md show agents reading and acting on incoming emails (onEmail/email.text()) and messages, and references/ai-search/README.md and api.md describe website crawling and aiSearch (indexing public sites/R2 content) whose retrieved content is fed to LLMs and can trigger actions—so external, user-generated/public content is read and can materially influence agent decisions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs rerunning deployments with "sandbox_permissions=require_escalated" and asks to obtain escalated network/sandbox access (bypassing sandbox restrictions), which is a request to bypass security mechanisms even though it doesn't ask for sudo or system-file changes.