cloudflare-browser-rendering

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's templates (e.g., templates/ai-enhanced-scraper.ts and web-scraper-basic.ts) accept arbitrary ?url parameters, use page.goto()/page.$eval() to fetch and scrape remote web pages, and the AI-enhanced scraper passes that untrusted HTML into env.AI.run for interpretation—clearly ingesting and having the agent read untrusted third-party content (public URLs) that could enable indirect prompt injection.