The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill uses official packages from Cloudflare (@cloudflare/puppeteer and @cloudflare/playwright). As Cloudflare is a well-known technology company, these external dependencies are considered safe.
[COMMAND_EXECUTION]: The script scripts/check-versions.sh executes npm view to verify the current versions of required packages. This is a standard utility for maintaining dependencies in a development environment.
[PROMPT_INJECTION]: The templates/ai-enhanced-scraper.ts file presents a surface for indirect prompt injection by ingesting untrusted HTML from external websites and passing it to an AI model for structured data extraction.
Ingestion points: Untrusted data enters the context via the page.$eval("body", ...) call which retrieves HTML from a user-supplied URL.
Boundary markers: The template does not utilize specific delimiters or "ignore previous instructions" warnings to separate the AI's system instructions from the scraped web content.
Capability inventory: The script possesses the capability to navigate to arbitrary URLs and execute JavaScript within the browser context, but it does not have access to sensitive file systems or shell execution in the Worker environment.
Sanitization: The scraped content is truncated to 4000 characters to fit model context limits, but no HTML sanitization or instruction filtering is performed on the extracted text.

cloudflare-browser-rendering