cloudflare-browser-rendering

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's scraping and examples directly load arbitrary user-supplied URLs (e.g., Pattern 3 "Web Scraping with Structured Data" and Pattern 4/5 batch and AI-enhanced scraping) via page.goto(url) and then read page.content / page.$eval and even pass the scraped HTML to env.AI.run, which clearly ingests untrusted public web content that could contain indirect prompt injections.