cloudflare
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides authoritative documentation, code templates, and configuration examples for the Cloudflare global edge network. All referenced resources and documentation links point to official Cloudflare domains.\n- [EXTERNAL_DOWNLOADS]: The skill recommends installing the official Cloudflare Wrangler CLI and using standard development libraries such as Hono, OpenAI, and @cloudflare/puppeteer from public registries. These are necessary components for the documented development workflows.\n- [COMMAND_EXECUTION]: Includes standard instructions for project lifecycle management using the Wrangler CLI, such as initializing projects, authenticating, and deploying code to the Cloudflare platform.\n- [PROMPT_INJECTION]: A code example for Retrieval-Augmented Generation (RAG) in SKILL.md documents a vulnerability surface for indirect prompt injection. 1. Ingestion point: Untrusted data enters via c.req.query('text'). 2. Boundary markers: Absent in the prompt template. 3. Capability: The skill uses env.AI.run for text generation. 4. Sanitization: Absent for the interpolated user input.
Audit Metadata