cloudflare-deploy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs (SKILL.md "Retrieval Sources") to fetch live docs (e.g., https://developers.cloudflare.com/) and its AI Search reference (references/ai-search/README.md and api.md) describes crawling/indexing public websites and returning aiSearch results that agents consume (e.g., patterns showing aiSearch/searchDocs and an email-processing example that schedules actions based on generated summaries), so untrusted public content is ingested and can materially influence agent decisions.