cloudflare-browser-rendering
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security violations were detected. All external references and dependencies target trusted organizations or well-known services.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and process untrusted data from external web pages.
- Ingestion points: The skill uses
page.goto()inSKILL.mdto navigate to external, potentially untrusted URLs. - Boundary markers: The provided code examples do not include explicit delimiters or instructions to ignore embedded commands in the fetched content.
- Capability inventory: The skill enables browser interaction (clicking, typing) and content extraction using Puppeteer and Playwright APIs, and passes the output to LLMs via Workers AI.
- Sanitization: No sanitization or filtering of the rendered HTML content is demonstrated before it is passed to downstream AI components.
Audit Metadata