workers-best-practices
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill fetches documentation from developers.cloudflare.com and downloads the @cloudflare/workers-types package from the npm registry. While these sources are related to the skill's purpose, they are external and not on the predefined trusted list.
- COMMAND_EXECUTION (MEDIUM): The skill instructions include the use of shell commands such as 'npm pack', 'tar', and 'npx' to retrieve and process type definitions. This represents a risk of executing or processing potentially untrusted data via the shell.
- REMOTE_CODE_EXECUTION (MEDIUM): Execution of 'npx wrangler' and 'npx tsc' involves running code from packages that may be fetched or updated at runtime.
- PROMPT_INJECTION (LOW): The skill ingests untrusted data from external Cloudflare documentation which could contain malicious instructions.
  1. Ingestion points: developers.cloudflare.com URL mentioned in SKILL.md and references/review.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Shell access (npm, npx, tar, mkdir).
  4. Sanitization: Absent.
Audit Metadata