cloudflare-deploy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required references (references/ai-search/README.md and api.md) explicitly show using AI Search to crawl and index website content and R2 buckets and include worker code calling env.AI.autorag("instance").aiSearch(...), meaning the agent fetches and interprets public third‑party website content as part of its workflow and thus can be exposed to untrusted, user-generated content that could carry indirect prompt injections.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt explicitly instructs rerunning deployments with sandbox_permissions=require_escalated and asks to request "escalated network access" to bypass sandbox/network restrictions, which is a directive to bypass security controls on the host environment.