cloudflare-browser-rendering
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection surface detected in 'templates/ai-enhanced-scraper.ts'.
- Ingestion points: HTML content is extracted from untrusted URLs via 'page.$eval' and subsequently passed to an LLM.
- Boundary markers: Untrusted content is interpolated into the AI prompt without escaping or robust delimiters.
- Capability inventory: The script transmits extracted content to the '@cf/meta/llama-3.1-8b-instruct' model.
- Sanitization: No sanitization is performed on the extracted HTML beyond basic truncation.
- EXTERNAL_DOWNLOADS (SAFE): The 'scripts/check-versions.sh' file uses 'npm view' to query package metadata for version updates, which is a non-executable metadata check.
- COMMAND_EXECUTION (LOW): The skill lacks URL/HTML sanitization in its screenshot and PDF generation templates, which is a common risk factor for SSRF or local resource access in headless browser environments.
- SAFE (INFO): The automated scanner alert for 'browser.se' is a false positive triggered by the substring in the standard Cloudflare Puppeteer API method 'browser.sessions'.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata