cf-crawl
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
evalto export environment variables sourced from local configuration files. This pattern is vulnerable to command injection if an attacker can control the contents of the.envor~/.envfiles. - [DATA_EXFILTRATION]: The workflow attempts to access sensitive files including
.envand~/.envto retrieve API credentials. Accessing configuration files in the home directory is a high-risk behavior as these files often contain secrets for multiple services. - [EXTERNAL_DOWNLOADS]: Fetches content from Cloudflare's official API (
api.cloudflare.com). While Cloudflare is a well-known service, this involves the transmission of sensitive API tokens. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). Ingestion points: External web content fetched via
urllib.request.urlopen. Boundary markers: None; content is saved directly to markdown files. Capability inventory: File system write access (open(filepath, 'w')). Sanitization: Absent; raw markdown content from the crawl is written to disk without filtering.
Audit Metadata