cloudflare-agents
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill provides templates for building agents that ingest untrusted external data and interpolate it directly into LLM prompts.
  - Ingestion points: The templates/browser-agent.ts file (lines 105-132) scrapes web content, and templates/rag-agent.ts (lines 118-154) retrieves context from a Vectorize database.
  - Boundary markers: Scraped HTML and retrieved context are injected into LLM prompts without delimiters or specific instructions for the model to ignore potential embedded commands.
  - Capability inventory: The agents are configured with capabilities including network access (Fetch API), browser automation (Puppeteer Rendering), database operations (Vectorize/SQL), and workflow orchestration (Cloudflare Workflows).
  - Sanitization: No sanitization or filtering of external content is implemented in the provided templates before prompt construction.
- [EXTERNAL_DOWNLOADS]: The skill references and utilizes several standard, well-known, and trusted Node.js packages including the Cloudflare Agents SDK, Model Context Protocol (MCP) SDK, Cloudflare Puppeteer, and the Vercel AI SDK. These are legitimate dependencies for the stated purpose of building Cloudflare-based AI agents.
Audit Metadata