cloudflare-workflows
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- DATA_EXFILTRATION (CRITICAL): Automated scanning identified the domain req.url.in within the skill's components. This domain is blacklisted and frequently used for unauthorized data exfiltration and malicious callback monitoring.
- EXTERNAL_DOWNLOADS (HIGH): The skill specifies a dependency for wrangler at version ^4.44.0 and @cloudflare/workers-types at ^4.20251014.0. As current releases for these packages are in the 3.x range (as of late 2024), referencing non-existent future versions is a strong indicator of a dependency confusion attack or a malicious payload.
- Metadata Poisoning (MEDIUM): The skill metadata and documentation are dated October 2025, which is inconsistent with actual timeframes and suggests deceptive documentation intended to appear more current than reality.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata