cloudflare-access-add-user
Warn
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: MEDIUM (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill accesses and modifies the /home/dawiddutoit/projects/network/.env file, which contains sensitive administrative credentials such as CLOUDFLARE_ACCESS_API_TOKEN and CLOUDFLARE_ACCOUNT_ID. Accessing these secrets directly exposes them to the agent context.
- [COMMAND_EXECUTION]: The agent is instructed to execute a local shell script (/home/dawiddutoit/projects/network/scripts/update-access-emails.sh) using the Bash tool to apply policy changes via the Cloudflare API.
- [DYNAMIC_EXECUTION]: The skill requires the agent to dynamically modify the contents of the update-access-emails.sh script by injecting user-provided email addresses into a JSON array within the script file prior to execution, which is a significant security concern regarding runtime code modification.
- [INDIRECT_PROMPT_INJECTION]: The skill interpolates untrusted user input (email addresses) into configuration and script files, creating a potential attack surface.
  - Ingestion points: User-provided email strings as defined in the SKILL.md instructions.
  - Boundary markers: No explicit delimiters or boundary markers are used in the script modification step to isolate user input.
  - Capability inventory: The skill possesses 'Edit' (file modification) and 'Bash' (command execution) capabilities, allowing it to apply changes and run scripts.
  - Sanitization: A Python regex-based validate_email function is suggested to the agent for validating input before processing, which provides some mitigation against malformed input.
Audit Metadata