cloudflare-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (scripts/screenshot.js and scripts/video.js, and the reusable cdp-client.js) explicitly navigate to user-supplied or arbitrary URLs via Page.navigate and capture page HTML/text/screenshots, thereby fetching and ingesting untrusted public web content that the agent will read or process.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill connects at runtime to the external WebSocket endpoint wss://your-worker.workers.dev/cdp?secret=... (also shown as https://your-worker.workers.dev/cdp?secret=...) which is a required WORKER_URL and is used to send CDP commands that execute JavaScript and control pages remotely, so this external URL enables remote code execution during runtime.