cloudflare-kv
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- SAFE (SAFE): No malicious behavior detected. The skill provides information on Cloudflare Workers KV, including namespace management and CRUD operations.
- [Indirect Prompt Injection] (LOW): The skill defines ingestion points for untrusted data via HTTP request parameters and body content (e.g., c.req.param('key') and c.req.text()). While these are standard for KV operations, they represent a surface for indirect prompt injection if the stored data is later retrieved and processed by an LLM without sanitization. No high-risk capabilities like eval() or system command execution are present.
- [Security Alert Verification] (SAFE): An automated scanner reported a malicious URL 'keys.ma'. This string was not found in the provided README.md file. Given the context, this is likely a false positive or refers to content in the referenced but not provided files (e.g., templates or reference docs).
- [Dependencies] (SAFE): The skill references 'hono' and 'wrangler', which are standard, trusted tools in the Cloudflare Workers ecosystem.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata