cloudflare
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No override markers or jailbreak attempts detected. Instructional markers like 'IMPORTANT' are used correctly for technical warnings and do not attempt to bypass agent safety filters.
- Data Exposure & Exfiltration (SAFE): Documentation exclusively uses placeholders for credentials (e.g., 'YOUR_API_TOKEN', '') and promotes secure secret management using official tools like 'wrangler secret put'. No exfiltration of sensitive files was detected.
- Obfuscation (SAFE): No hidden or encoded malicious content was found. Base64 strings are present only as technical placeholders for JWT examples or encoded configuration values.
- Remote Code Execution (SAFE): Piped remote script execution patterns (e.g., 'curl | bash') appear only in instructions for installing official CLI tools (like 'cloudflared') or as examples for the isolated Cloudflare Sandbox service.
- Indirect Prompt Injection (SAFE): The skill documents services that ingest untrusted web data (e.g., HTTP requests in Workers). Ingestion points: Worker and Pages fetch handlers. Boundary markers: The documentation explicitly advises the use of prepared statements for SQL to prevent injection. Capability inventory: The platform supports 'fetch', 'sql.exec', and 'sandbox.exec'. Sanitization: Best practices for sanitization are provided in the 'gotchas' and 'patterns' files.