cloudflare

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs use of AI Search website crawling and R2 indexing (references/ai-search/README.md, api.md) and shows agents processing user emails and search results (references/agents-sdk/patterns.md, ai-search/patterns.md) — i.e., it ingests untrusted public/user-generated content (website crawls, emails) and uses that content to generate responses and drive actions like scheduling, so third-party content can materially influence agent behavior.