cloudflare-tunnel-setup
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute various system-level operations, including docker compose commands for container lifecycle management and docker logs for verification.
- [DATA_EXFILTRATION]: The skill accesses the sensitive file path /home/dawiddutoit/projects/network/.env to read and configure the tunnel token. It also initiates network requests to api.cloudflare.com and pihole.temet.ai. Interactions with Cloudflare are recognized as targeting a well-known service required for the skill's intended functionality.
- [COMMAND_EXECUTION]: Employs python3 -c to execute inline scripts for validating the JSON structure of tunnel tokens provided by the user. It also executes a local script located at ./scripts/cf-tunnel-config.sh.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection due to the processing of external user-provided data.
  - Ingestion points: User-provided tunnel tokens are processed and written to the project's .env file (SKILL.md).
  - Boundary markers: No explicit delimiters or boundary markers are utilized to separate instructions from the data being processed.
  - Capability inventory: The skill is granted extensive permissions, including the ability to write files, execute shell commands, and perform network requests (SKILL.md).
  - Sanitization: A Python validation step is implemented to check the token's JSON integrity, which serves as a basic sanitization layer (SKILL.md).
Audit Metadata