cloudflare-mcp-server
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides documentation and templates for building MCP servers using official Cloudflare tools and libraries. It includes security advisories for the dependencies it uses, such as the PKCE bypass vulnerability (GHSA-qgp8-v765-qxx9) in older versions of the @cloudflare/workers-oauth-provider library.
- [COMMAND_EXECUTION]: The skill provides several bash commands for local development and production deployment using npm, npx, and wrangler (Cloudflare's official CLI).
- [REMOTE_CODE_EXECUTION]: The setup process involves downloading official Cloudflare Worker templates from the cloudflare/ai GitHub repository using npm create cloudflare@latest. This is a trusted source.
- [INDIRECT_PROMPT_INJECTION]: The skill implements servers that ingest data from external sources (GitHub API, SQL databases, and AI model outputs), which creates a surface for indirect prompt injection where instructions could be embedded in the processed data.
  - Ingestion points: Data fetched via the GitHub API in mcp-oauth-proxy.ts, SQL query results in mcp-with-d1.ts, and AI model responses in mcp-with-workers-ai.ts.
  - Boundary markers: The templates do not explicitly include delimiters around tool outputs, nor instructions telling the model to disregard any instructions embedded in those outputs.
  - Capability inventory: The templates include tools capable of state modification, such as creating GitHub issues or updating database records.
  - Sanitization: Input parameters are strictly validated using Zod schemas.
- [DATA_EXFILTRATION]: The skill documents network operations required for its primary purpose, such as calling the GitHub API with a user's access token or interacting with an external authentication API for token validation.
- [CREDENTIALS_UNSAFE]: The mcp-bearer-auth.ts template contains static example tokens for development demonstrations. These are explicitly marked as placeholders and are accompanied by warnings against their use in production environments.
Audit Metadata