cloudflare-vectorize
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to override agent behavior or bypass safety filters were found.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file path access detected. Network operations are limited to standard Cloudflare services.
- Obfuscation (SAFE): No hidden, encoded, or deceptive characters detected in the content.
- Unverifiable Dependencies & RCE (SAFE): Uses npx wrangler, which is the official CLI for Cloudflare Workers. No suspicious external scripts or unauthorized packages.
- Indirect Prompt Injection (LOW): As a RAG (Retrieval Augmented Generation) resource, the skill inherently deals with processing external data.
  - Ingestion points: fetch request input and vector database query results.
  - Boundary markers: Delimiters are not explicitly present in the high-level TS snippets.
  - Capability inventory: Subprocess calls via wrangler CLI and inference calls via Cloudflare Workers AI.
  - Sanitization: None explicitly shown in the code snippets.
- Metadata Poisoning (SAFE): Metadata fields are used appropriately for attribution and licensing without deceptive content.
Audit Metadata