Skills
skills/commandcodeai/agent-skills/building-ai-agent-on-cloudflare/Gen Agent Trust Hub

building-ai-agent-on-cloudflare

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The documentation instructs users to execute code and bootstrap projects using npm create cloudflare@latest and npx wrangler deploy. These tools pull code from the 'cloudflare' organization on GitHub/NPM, which is not included in the predefined list of trusted organizations. This constitutes an unverifiable dependency risk.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): An automated scan flagged the domain this.ca as malicious. This appears to be a false positive triggered by the presence of the code substring this.cancelSchedule or this.callback in the reference files, but the finding is recorded due to the blacklist match.
  • [PROMPT_INJECTION] (LOW): The skill demonstrates agent patterns that are vulnerable to indirect prompt injection. User messages are directly interpolated into the AI context, which has access to powerful capabilities.
  • Ingestion points: The onMessage handler in SKILL.md and the onChatMessage method in the AIChatAgent example.
  • Boundary markers: None are used in the code examples to separate user instructions from system prompts.
  • Capability inventory: The agent instances have access to this.sql (SQLite database), this.schedule (task scheduling), and this.setState (persistent state management).
  • Sanitization: No input validation or sanitization logic is provided in the reference implementations.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 06:36 PM