cloudflare-durable-objects
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill templates create an attack surface for Indirect Prompt Injection by combining untrusted data ingestion with high-privilege capabilities.
  - Ingestion points: WebSockets in templates/websocket-hibernation-do.ts, HTTP fetch requests in templates/rpc-vs-fetch.ts, and various API handler methods.
  - Boundary markers: No delimiters or safety instructions are included to prevent the agent from obeying commands embedded in external content.
  - Capability inventory: SQL storage modification (this.sql.exec), key-value storage writes (this.ctx.storage.put), and real-time message broadcasting (ws.send).
  - Sanitization: While standard input validation and SQL parameterization are demonstrated, they do not mitigate natural language prompt injection attacks.
- [COMMAND_EXECUTION] (LOW): The scripts/check-versions.sh script performs benign version checks using the npm view command.
- [EXTERNAL_DOWNLOADS] (LOW): The templates/package.json file references standard Cloudflare development packages, which are verifiable and widely used.
Recommendations
- AI detected serious security threats
Audit Metadata