cloudflare-workers
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides users to install necessary development dependencies from the npm registry, including `wrangler`, `@cloudflare/workers-types`, and `@cloudflare/vitest-pool-workers`. These are official packages maintained by Cloudflare, a well-known service provider.
- [COMMAND_EXECUTION]: The skill uses the Wrangler CLI (`npx wrangler`) for local development, state management, and deployment. These commands are standard for the Cloudflare Workers ecosystem and are used as intended for service configuration and project initialization.
- [DATA_EXFILTRATION]: The skill explicitly warns users against storing sensitive information in configuration files. In `SKILL.md` under 'Critical Prohibitions', it instructs users to use `wrangler secret put` for secrets management instead of including them in `wrangler.toml`, which is a recognized security best practice.
- [PROMPT_INJECTION]: As a developer tool for building web services, the skill naturally defines attack surfaces for indirect prompt injection (Category 8).
  - Ingestion points: The `fetch`, `queue`, and `email` handlers documented in `references/runtime.md` ingest untrusted data from HTTP requests, message queues, and inbound emails.
  - Boundary markers: The provided code examples are generic templates and do not include specific delimiters or 'ignore' instructions for data processed by downstream AI components.
  - Capability inventory: The skill documents capabilities to interact with external networks (Fetch API), persistent storage (KV, R2, D1), and AI inference (Workers AI), as detailed in `references/bindings.md`.
  - Sanitization: The documentation focuses on functional implementation; developers are responsible for implementing data validation and sanitization for their specific use cases.
Audit Metadata