cloudflare-deploy

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill is designed to process user-supplied code and deployment configurations, which serves as a potential ingestion point for malicious instructions.
      ◦ Ingestion points: User-provided application source code, configuration files (e.g., wrangler.jsonc), and deployment parameters (found in SKILL.md and various references).
      ◦ Boundary markers: The instructions do not specify explicit delimiters or protective prompts to prevent the agent from following instructions potentially embedded within the user's code files during processing.
      ◦ Capability inventory: The skill uses powerful tools such as the wrangler CLI for file manipulation, network requests (fetch), and command execution (wrangler deploy, wrangler secret put).
      ◦ Sanitization: There are no instructions for the agent to sanitize or inspect user-provided code for malicious patterns before initiating deployment or configuration changes.
  • Command Execution (SAFE): The skill documentation correctly identifies and instructs the use of standard Cloudflare CLI tools (Wrangler). Although it requests sandbox_permissions=require_escalated, this is a necessary and transparent requirement for deployment operations.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:20 PM