cloudflare-traffic-investigator

Warn

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the cloudflare-mcp-cli package from the NPM registry. This package does not belong to a trusted organization or well-known vendor, presenting a risk of executing unverified code on the host system.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to execute a third-party CLI tool (cloudflare-mcp-cli). This tool is used to perform API calls and handle sensitive authentication tokens. Furthermore, the skill constructs JavaScript snippets for execution by interpolating data retrieved from external logs (such as JA4 fingerprints) directly into code strings. This pattern of dynamic code generation increases the risk of injection if the external data contains malicious payloads.
  • [PROMPT_INJECTION]: The skill has a significant indirect prompt injection surface as it ingests and processes untrusted data from Cloudflare logs, including User-Agent strings, requested paths, and query parameters.
    • Ingestion points: Data enters the context via GraphQL responses in steps/step-05-analyze-traffic.md, steps/step-06-verify-legitimacy.md, and steps/step-07-extract-users.md.
    • Boundary markers: None. The agent is instructed to synthesize this raw data directly into the final report template in steps/step-08-synthesize.md.
    • Capability inventory: The agent has access to Bash, Write, and Edit tools, which could be abused if the agent is influenced by malicious instructions embedded in the logs.
    • Sanitization: There is no evidence of sanitization or filtering of the external log content before it is processed by the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 14, 2026, 02:50 PM