cloudflare-email-routing
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- External Downloads (SAFE): The skill identifies official Cloudflare documentation and standard NPM packages (postal-mime, mimetext). No suspicious remote code execution or unauthorized downloads were found.
- Indirect Prompt Injection (SAFE): This skill handles untrusted incoming email data, which is an inherent attack surface. While the snippet in README.md lacks explicit sanitization, this is expected for a basic template and is categorized as a risk surface rather than a malicious finding.
- Scanner Alert Analysis (SAFE): The automated scanner's detection of 'msg.as' is a false positive triggered by the TypeScript method 'msg.asRaw()' in the Sending Emails section. It is not a malicious URL in this context.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata