cloudflare-email-service
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [Trusted Source Integration]: The skill exclusively references official resources from Cloudflare, including documentation at developers.cloudflare.com and the Cloudflare MCP server on GitHub. These are established, trusted sources for service configuration.
- [Credential Management Best Practices]: The documentation consistently advises users to handle sensitive information like API tokens via environment variables or Cloudflare secrets. It correctly uses placeholders like
<API_TOKEN>in examples to avoid accidental exposure of real credentials. - [Input Handling Awareness]: In the section on receiving and routing emails, the skill describes parsing untrusted MIME content from external senders. It addresses the inherent risks of processing external data by recommending a human-in-the-loop architecture, where AI-generated drafts are reviewed before being sent, which is an effective mitigation for potential indirect prompt injection.
- [Secure Use of CLI Tools]: The skill provides instructions for using standard, well-known development tools such as the Cloudflare Wrangler CLI. These tools are used for legitimate project configuration and domain onboarding tasks.
Audit Metadata