cloudflare-workers-ai

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Findings: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The template file templates/ai-vision-models.ts implements a /vision/url endpoint that accepts a user-provided URL and retrieves it using the fetch() API. Since there is no validation or filtering of the target URL, this introduces a potential Server-Side Request Forgery (SSRF) vulnerability, which could be exploited to probe internal network endpoints or access unauthorized external resources.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface, as it is designed to ingest and process untrusted external data and user-provided prompts.
      • Ingestion points: Untrusted URLs processed in the /vision/url endpoint and raw user messages used in text generation templates.
      • Boundary markers: Absent in the fetching logic and the primary inference patterns shown in the templates.
      • Capability inventory: The skill possesses network read capabilities through fetch() and extensive model interaction capabilities via the env.AI.run() binding.
      • Sanitization: While the documentation in references/best-practices.md suggests input sanitization techniques, the core templates for fetching external data and performing inference do not implement these validation or filtering checks.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 03:49 AM