cloudflare-dns
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION)
Full Analysis
- Credentials (HIGH): The skill explicitly directs the agent to persist the `CLOUDFLARE_API_TOKEN` in plain text by appending it to `~/.zshrc`. This practice exposes sensitive credentials to any process or user with read access to the filesystem and is a form of unsafe credential storage.
- Command Execution (MEDIUM): The skill utilizes shell commands (`zsh -lic`) and Python heredocs (`python - <<'PY'`) to interact with system environment variables and external APIs. While the script provided is static, the use of shell profile modification is a high-risk command execution pattern.
- Indirect Prompt Injection (LOW): The skill ingests data from the Cloudflare API (DNS records) which may be controlled by third parties. There are no boundary markers or sanitization steps (Evidence: Step 1 Python script reads from `api.cloudflare.com`; Step 3 creates/updates based on this data; Capability includes `curl` and `python` execution; Sanitization is absent).
Recommendations
- AI detected serious security threats
Audit Metadata