The Agent Skills Directory

Prompt Injection (SAFE): No attempts to override agent behavior or bypass safety guidelines were detected in the documentation. The instructions focus on guiding the agent through the Cloudflare product documentation.
Data Exposure & Exfiltration (SAFE): The skill contains numerous examples of API calls and authentication patterns. All sensitive values such as API tokens, keys, and account IDs are clearly placeholders (e.g., YOUR_API_TOKEN, sk_live_abc123..., token456) or are used in examples of unsafe practices to avoid. No hardcoded real secrets or exfiltration patterns were found.
Obfuscation (SAFE): No obfuscated or encoded content, such as Base64 encoded commands, zero-width characters, or homoglyphs, was identified in the analyzed files.
Unverifiable Dependencies & Remote Code Execution (SAFE): Documentation examples include commands for installing various packages (e.g., npm install pg) and running remote scripts (e.g., curl -fsSL https://code-server.dev/install.sh | sh). These are presented as standard installation and setup instructions for the services being documented and do not represent the skill itself executing malicious code.
Indirect Prompt Injection (LOW): The skill documentation covers services that process external data (like Workers and D1). It consistently emphasizes security best practices, such as the use of prepared statements to prevent SQL injection, and provides boundary markers for data interpolation in examples.

cloudflare