building-ai-agent-on-cloudflare

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8). It ingests untrusted data from WebSocket connections in the onMessage and handleChat methods and interpolates it directly into the AI prompt history without boundary markers. Because the agent possesses 'write' and 'execute' capabilities—specifically the ability to perform SQL operations via this.sql and manage background tasks via this.schedule—an attacker could use crafted messages to manipulate the LLM into performing unauthorized database or scheduling actions.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The instructions require the installation and execution of external tools. Evidence: npm install -g wrangler and npm create cloudflare@latest. While these are standard for the Cloudflare ecosystem, the provider is not included in the explicit 'Trusted External Sources' list, making these unverifiable remote dependencies that execute with local user privileges.
  • [COMMAND_EXECUTION] (LOW): The skill encourages the use of npx wrangler deploy and other CLI-based deployment commands which involve executing locally installed packages that were downloaded from external registries.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 10:01 AM