cloudflare-vectorize

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected. The skill follows security best practices for the Cloudflare Workers platform, specifically advising against hardcoding credentials and instead using the Cloudflare Secrets management system for OpenAI API keys.
  • [PROMPT_INJECTION]: The skill includes templates for Retrieval Augmented Generation (RAG) and document ingestion. While these patterns are standard for the intended use case, they represent an architectural surface for indirect prompt injection, where untrusted data fetched from external URLs or indexed documents could contain instructions intended to influence the LLM's output. The skill provides basic sanitization (stripping HTML tags) in its ingestion template.
  • [EXTERNAL_DOWNLOADS]: The templates provide functionality to fetch content from remote URLs for indexing purposes. This is a legitimate and documented feature for a vector database ingestion pipeline and does not involve the execution of untrusted remote code or binaries.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 03:49 AM