cloudflare

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): No malicious instructions designed to hijack agent behavior or bypass safety guardrails were detected. The content is entirely technical and instructional.
  • Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file access patterns were found. All API usage examples use standard placeholders (e.g., YOUR_API_TOKEN) and emphasize the use of wrangler secret for sensitive values. Network requests are directed at official Cloudflare API endpoints as required for the skill's primary purpose.
  • Obfuscation (SAFE): No evidence of Base64 encoding of commands, zero-width characters, homoglyphs, or other obfuscation techniques was found in the documentation.
  • Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references legitimate, well-known libraries and official Cloudflare packages (e.g., wrangler, hono, @cloudflare/workers-types, pyiceberg). No dangerous remote code execution patterns like curl | bash are present.
  • Privilege Escalation (SAFE): No instructions involving unauthorized privilege escalation (e.g., sudo, chmod 777) were detected.
  • Persistence Mechanisms (SAFE): No unauthorized persistence mechanisms were found. Platform features like Cron Triggers are documented correctly as intended functionality for scheduled tasks.
  • Metadata Poisoning (SAFE): Metadata in the SKILL.md and across the reference subdirectories is accurate and free of malicious hidden instructions.
  • Indirect Prompt Injection (SAFE): While the skill documents building AI agents that process user input, it includes robust 'Gotchas' sections that explicitly warn against insecure practices like direct string interpolation in SQL queries.
  • Time-Delayed / Conditional Attacks (SAFE): No logic was found that gates malicious behavior behind time or environment-based conditions.
  • Dynamic Execution (SAFE): Documentation for platform features involving dynamic execution (like workerd or containers) includes clear warnings that these environments are not hardened sandboxes for untrusted code, demonstrating a strong security posture.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 04:46 PM