cloudflare-workers-url-shortner
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The skill guides the user to capture and store visitor metadata including raw IP addresses (
ip_raw), approximate location (country,city), and request headers for analytics and alerting (Telegram). - Evidence: The skill documentation explicitly lists capturing
ip_raw,cf_connecting_ipv6, andrequest.cfgeography data. - Mitigation: The skill includes best practices to avoid capturing
authorizationorcookieheaders and suggests using IP hashing with salts to protect privacy. - [PROMPT_INJECTION] (LOW): The skill defines a surface for Indirect Prompt Injection (Category 8) by ingesting untrusted data from web requests.
- Ingestion points: Untrusted data enters the system via the
id/slugparameters and various request headers (User-Agent,Referer). - Boundary markers: The skill does not explicitly mention prompt boundary markers, but the intended use is for database storage rather than immediate LLM re-processing.
- Capability inventory: The skill involves writing to D1 (SQL) and Redis, and making network calls to a Telegram alerting endpoint.
- Sanitization: The skill recommends sanitizing headers via an allowlist to prevent sensitive data leakage.
Audit Metadata