cloudflare-r2
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill documentation and examples expose the agent to Indirect Prompt Injection risks.
- Ingestion points: Untrusted external data enters the agent context through the use of R2 get() and list() operations on objects in R2 buckets.
- Boundary markers: No delimiters or instructions to ignore embedded commands within retrieved objects are present in the provided TypeScript examples or documentation.
- Capability inventory: The skill provides the agent with broad capabilities to modify storage, including put() for overwriting data, delete() for removing objects, and bucket configuration via wrangler.jsonc.
- Sanitization: There is no evidence of sanitization, validation, or escaping of data retrieved from R2 before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata