cloudflare-images
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill is purely instructional and providing code templates for a well-known service.
- [EXTERNAL_DOWNLOADS]: The skill includes several scripts and templates that interact with external services:
scripts/check-versions.shusescurlto verify the availability of official Cloudflare API endpoints (api.cloudflare.comandbatch.imagedelivery.net). These are well-known services and the script is intended for environment verification.templates/upload-via-url.tscontains logic to ingest images from user-provided URLs. This is a standard feature of the Cloudflare Images API and is documented with appropriate validation warnings.- [COMMAND_EXECUTION]: The
scripts/check-versions.shscript executescurlandwranglercommands. These are used for administrative checks of the user's own environment and API status, posing no risk to the agent or host system under normal usage. - [CREDENTIALS_UNSAFE]: The skill correctly instructs users to use environment variables (
IMAGES_API_TOKEN,IMAGES_SIGNING_KEY) rather than hardcoding secrets. Templates use clear placeholders like 'your-account-id'. - [PROMPT_INJECTION]: The instructional content in
SKILL.mdandrules/cloudflare-images.mdis strictly focused on technical implementation and does not contain any patterns intended to bypass safety guardrails or override system instructions.
Audit Metadata