cloudflare
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes data retrieved from external Cloudflare API endpoints which may contain untrusted content.
- Ingestion points: API responses from api.cloudflare.com handled via curl, fetch, and language-specific SDKs as described in SKILL.md.
- Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within the retrieved data.
- Capability inventory: Includes executing shell commands via the wrangler CLI and performing network operations using curl and fetch (documented in SKILL.md).
- Sanitization: There is no evidence of input validation or sanitization for data received from API calls before it is used in subsequent operations.
- [EXTERNAL_DOWNLOADS]: The skill documentation recommends the installation of official libraries and tools from Cloudflare. Specifically, it suggests installing the cloudflare Python package and the @cloudflare/workers Node.js package, and references the wrangler CLI tool.
- [DATA_EXFILTRATION]: The skill documentation describes performing network operations to Cloudflare's official API endpoints (api.cloudflare.com) for managing account resources.
Audit Metadata