cloudflare-d1
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious behaviors, obfuscation, or safety bypass patterns were detected in the skill files or metadata.\n- [COMMAND_EXECUTION] (SAFE): The skill includes a bash script (
d1-setup-migration.sh) for database management. These commands are intended for local development, run within the user's environment, and involve standard interactive workflows with the Cloudflare CLI.\n- [EXTERNAL_DOWNLOADS] (LOW): The setup script utilizesnpx wrangler, which may download the wrangler package from the npm registry if not already present. This is a standard and expected operation for Cloudflare development tools.\n- [DATA_EXPOSURE] (SAFE): No hardcoded secrets, API keys, or attempts to access sensitive system files (e.g., SSH keys or cloud credentials) were found. The skill properly instructs users to manage their own database IDs in configuration files.\n- [INDIRECT_PROMPT_INJECTION] (LOW): The setup script accepts a database name as a command-line argument without explicit sanitization. While this presents a minor injection surface, the risk is negligible as it is a local developer utility and not a service processing untrusted remote data.\n - Ingestion points:
DATABASE_NAMEparameter intemplates/d1-setup-migration.sh.\n - Boundary markers: Absent in shell script logic.\n
- Capability inventory: Shell command execution via
npx wranglerintemplates/d1-setup-migration.sh.\n - Sanitization: No input validation performed on the provided database name variable.
Audit Metadata