building-ai-agent-on-cloudflare
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- Indirect Prompt Injection (SAFE): The skill creates agents that process user-controlled input (e.g., chat messages). While this establishes a surface for indirect prompt injection, it is the intended primary purpose of the skill. The code samples demonstrate structured handling of these messages.
- Automated Scan Alert Analysis (SAFE): An automated scanner flagged 'this.ca' as a malicious URL. Manual inspection confirms this is a false positive. The scanner likely misinterpreted the code syntax in 'SKILL.md', where `this.cancelSchedule(taskId)` contains the substring 'this.ca'. There are no actual network requests or references to a 'this.ca' domain.
- External Downloads (SAFE): The skill references standard Cloudflare project initialization commands (`npm create cloudflare`) and official Cloudflare GitHub repositories. These are trusted infrastructure tools for the Cloudflare ecosystem and do not pose a security risk in this context.
- Command Execution (SAFE): Use of `wrangler` and `npm` commands is restricted to project setup and deployment instructions for the user, which is standard for developer-oriented skills.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata