cloudflare-one-migrations
Warn
Audited by Snyk on Jun 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.72). The skill’s workflow explicitly requires retrieving “current Cloudflare docs, Cloudflare API schemas, and source-vendor export docs” and “request exports and logs before mapping,” which at runtime can include outsider-authored free text from public web content (Cloudflare docs) and/or vendor-export documents/logs provided by non-user parties, both of which can be ingested into the agent’s LLM context for analysis/mapping.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs the agent to "Retrieve current Cloudflare docs, Cloudflare API schemas, and source-vendor export docs before generating exact configuration" and references runtime-used documentation URLs (e.g., https://developers.cloudflare.com/cloudflare-one/ and https://developers.cloudflare.com/cloudflare-one/team-and-resources/users/scim/), so fetching content from developers.cloudflare.com would be performed at runtime and would directly influence the agent's generated prompts/configuration.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).