cloudflare-hyperdrive
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): Extensive review of the skill's code, templates, and scripts revealed no security threats. The skill strictly provides educational content and boilerplate for Cloudflare Workers database connectivity.
- Indirect Prompt Injection (LOW): The skill templates (e.g.,
templates/postgres-basic.ts,templates/mysql2-basic.ts) define patterns for ingesting data from external databases. - Ingestion points: Data enters the agent context through
client.queryordb.selectresults in all template files. - Boundary markers: None present; database output is returned directly to the agent's response context without delimiters.
- Capability inventory: The skill facilitates network operations (database connections) and data retrieval. No unsafe
evalorexecfunctions are applied to retrieved data. - Sanitization: The templates correctly implement parameterized queries (e.g.,
WHERE id = $1) to prevent SQL injection. However, the resulting data is not sanitized for potential adversarial instructions before being passed back to the agent.
Audit Metadata