cloudflare-traffic-investigator
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from Cloudflare traffic logs, creating a surface for indirect prompt injection.
- Ingestion points: Data from
firewallEventsAdaptiveGroups(includinguserAgent,clientRequestPath, andclientRequestQuery) is ingested insteps/step-05-analyze-traffic.mdandsteps/step-07-extract-users.md. - Boundary markers: There are no explicit delimiters or instructions telling the agent to treat the log data as untrusted or to ignore instructions embedded within it.
- Capability inventory: The skill has access to
Bash,Read,Write, andEdittools across its scripts. - Sanitization: Log data is incorporated directly into an incident report in
steps/step-08-synthesize.mdwithout filtering or escaping. - [EXTERNAL_DOWNLOADS]: The skill automatically installs the
cloudflare-mcp-clipackage globally via NPM if it is not present. - Evidence:
steps/step-01-get-parameters.mdcontains the commandnpm install -g cloudflare-mcp-cli. - [COMMAND_EXECUTION]: The skill uses the
Bashtool to executecloudflare-mcp-cliwith arguments inferred from user-supplied inputs (e.g.,ZONE_ID,START_UTC). - Evidence: Multiple steps, including
steps/step-02-confirm-spike.mdandsteps/step-04-identify-ja4.md, use theBashtool to run CLI commands with parameters derived from the$ARGUMENTSinput.
Audit Metadata