cf-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and renders arbitrary public websites using Cloudflare's Browser Rendering API (e.g., /markdown, /scrape, /content via the cfbr.sh wrapper with user-supplied "url" values like https://target-site.com/listings), so the agent will read and interpret untrusted third-party web content which could carry indirect prompt-injection payloads.