aquaria-cloudflare-ops
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill contains logic to update itself by downloading a shell script from a remote URL and piping it directly to bash. This pattern is found in `commands/droid/aquaria-cloudflare-ops.md` and `commands/opencode/aquaria-cloudflare-ops.md`, targeting `https://raw.githubusercontent.com/Alcyone-Labs/agent-skills/main/install.sh`.
- [COMMAND_EXECUTION]: The skill is designed to execute various CLI tools including `pnpm` and `wrangler` for operations such as deployment, health checks, and managing Cloudflare Workflows. Evidence is throughout `SKILL.md` and the `references/` directory.
- [PROMPT_INJECTION]: The skill processes untrusted user input via the `$ARGUMENTS` and `args` variables to determine operational tasks and generate command lines. This represents an indirect prompt injection surface. Ingestion points are in the command definition files (`commands/opencode/aquaria-cloudflare-ops.md`, `commands/droid/aquaria-cloudflare-ops.md`, `commands/gemini/aquaria-cloudflare-ops.toml`). Capability inventory includes full shell command execution. No explicit sanitization or boundary markers for the user input are identified.
Audit Metadata