cloudflare-browser-rendering

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill fetches and renders arbitrary public URLs (e.g., REST endpoints like /content, /scrape and examples such as await page.goto('https://news.ycombinator.com') with page.content()) and then passes that untrusted, user-generated web content into AI processing (ai.run), clearly exposing the agent to third-party input that could enable indirect prompt injection.