cloudflare-images
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- DATA_EXFILTRATION (LOW): The skill performs network requests to api.cloudflare.com and imagedelivery.net to manage image assets. These domains are necessary for the skill's purpose but are not on the provided whitelist of trusted sources.
- PROMPT_INJECTION (LOW): The skill has a surface for indirect prompt injection as it processes image URLs provided in untrusted user data. 1. Ingestion points: Request bodies in batch-upload.ts and upload-via-url.ts. 2. Boundary markers: Absent. 3. Capability inventory: fetch calls to external APIs. 4. Sanitization: Uses the URL constructor to validate format.
- EXTERNAL_DOWNLOADS (LOW): The skill supports ingesting image data from external third-party URLs provided in API requests.
Audit Metadata