cloudflare-browser-rendering
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill requires installation of Node.js packages from the
@cloudflarescope (e.g.,@cloudflare/puppeteer). Although these are official packages for the service, the 'cloudflare' organization is not on the predefined list of trusted providers. The severity is lowered because these dependencies are essential to the skill's primary purpose. - Indirect Prompt Injection (LOW): The skill enables an agent to navigate to external websites using
page.goto(). This creates an attack surface where a malicious website could attempt to influence the agent's behavior. - Ingestion points: External URLs processed via
page.goto()andpage.evaluate()(README.md). - Boundary markers: None identified in the provided templates.
- Capability inventory: High-privilege browser control including script execution, screenshotting, and data extraction.
- Sanitization: No explicit sanitization or instruction-ignoring delimiters are demonstrated in the example code.
- Dynamic Execution (LOW): The skill utilizes
page.evaluate(), which executes dynamic JavaScript strings within the browser context. While standard for Puppeteer automation, this is a form of dynamic code execution. Severity is reduced as it is a core functional requirement of the skill. - Data Exposure & Exfiltration (SAFE): An automated scanner flagged the domain 'browser.se'. Analysis of the skill content reveals this is a false positive; the scanner likely matched the Sweden TLD (.se) against the string 'browser.sessionId' or 'browser.sessions' found in the API trigger list.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata