cloudflare-browser-rendering
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- Category 2: Data Exposure & Exfiltration (SAFE): The skill provides templates for taking screenshots and scraping websites. While these involve navigating to user-provided URLs (SSRF), this is the primary purpose of the service. No credentials or sensitive files are accessed.
- Category 4: Unverifiable Dependencies (SAFE): The skill references official Cloudflare packages. The version check script is a benign utility.
- Category 8: Indirect Prompt Injection (LOW): The AI-enhanced scraper template processes external website content. Evidence Chain: 1. Ingestion points: Website HTML in
ai-enhanced-scraper.ts. 2. Boundary markers: None. 3. Capability inventory: AI output is parsed and returned to user; no further tool execution is performed. 4. Sanitization: Input truncation is used. - Scanner Alert Analysis (SAFE): The 'browser.se' detection is a false positive on API property strings like
browser.sessionsfound in documentation and code. No actual navigation to 'browser.se' is performed.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata