NYC

wrangler

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, NO_CODE
Full Analysis
  • Data Exposure & Exfiltration (LOW): The skill enables the agent to access highly sensitive information through commands like wrangler secret list, wrangler kv key get, and wrangler d1 execute. If the agent's output is not strictly controlled, this could lead to the exposure of production secrets or private database records.
  • Indirect Prompt Injection (LOW): The skill facilitates the ingestion of external, potentially attacker-controlled data, creating a surface for indirect prompt injection.
      • Ingestion points: wrangler tail (streaming worker logs), wrangler kv key get (values from storage), and wrangler d1 execute (SQL query results).
      • Boundary markers: The skill does not provide any instructions to the agent to treat these outputs as data rather than instructions, nor does it use delimiters to isolate the content.
      • Capability inventory: Through the wrangler CLI, the agent can deploy code (wrangler deploy), manage secrets, and modify database schemas.
      • Sanitization: There is no evidence of sanitization or validation of the data retrieved from Cloudflare services.
  • Command Execution (LOW): The skill's primary function is to execute shell commands via the wrangler CLI. While legitimate, this allows the agent to perform impactful actions such as deleting storage buckets (wrangler r2 bucket delete) or modifying worker deployments, which could lead to service disruption if misused.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:58 PM