cloudflare-mcp-server
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references official Cloudflare repositories and standard npm packages for MCP development. Project initialization instructions point to the `cloudflare` organization on GitHub, which is a verified and trusted source.
- [CREDENTIALS_UNSAFE] (SAFE): The skill correctly demonstrates how to use environment variables and Cloudflare's secrets management (`wrangler secret put`) for handling sensitive data such as JWT secrets and OAuth client credentials. No hardcoded keys or tokens were found; all examples use placeholders.
- [PROMPT_INJECTION] (SAFE): No malicious instructions or patterns designed to bypass safety filters or override agent behavior were detected in the templates or documentation.
- [DATA_EXFILTRATION] (SAFE): Network operations are restricted to the standard, intended API interactions (e.g., the GitHub API via the Octokit library) required for tool functionality. There is no evidence of unauthorized data harvesting or transmission to untrusted domains.
- [COMMAND_EXECUTION] (SAFE): The provided templates use the standard Node.js and Cloudflare Workers execution models. There are no instances of arbitrary command execution or unsafe use of dynamic execution functions such as `eval`.
- [INDIRECT_PROMPT_INJECTION] (SAFE): While the tools ingest user-provided data, the skill mitigates injection risks by enforcing strict type checking and schema validation of tool inputs with the `zod` library. Additionally, the OAuth templates provide patterns for user identity verification and scoped permissions, limiting the potential impact of malicious payloads in processed data.
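The two patterns the audit credits above, secrets read from Worker bindings rather than hardcoded, and strict schema validation of tool arguments, are shown together below. This is an added example written for this page, not code from the cloudflare-mcp-server skill or its templates. The templates use the `zod` library; to run without dependencies this block hand-rolls an equivalent strict validator for one hypothetical `get_issue` tool. The binding names `GITHUB_TOKEN` and `JWT_SECRET`, the tool name, and the name-format bounds are assumptions for illustration. Note the caveat the finding leaves implicit: schema validation constrains the shape and range of the arguments, not the content of the issue text the tool fetches, which is still untrusted data when it reaches the model.

```typescript
// Added example, not part of the cloudflare-mcp-server project.
// Hypothetical Worker bindings populated out of band with
// `wrangler secret put GITHUB_TOKEN` and `wrangler secret put JWT_SECRET`;
// nothing in this file contains a real secret.
export interface Env {
  GITHUB_TOKEN: string;
  JWT_SECRET: string;
}

// Argument shape for a hypothetical `get_issue` MCP tool.
export interface GetIssueArgs {
  owner: string;
  repo: string;
  issue_number: number;
}

export type ValidationResult =
  | { ok: true; value: GetIssueArgs }
  | { ok: false; error: string };

// Simplified GitHub-style name rules (assumed bounds, not GitHub's exact spec):
// alphanumerics and hyphens, 1-39 chars, no leading hyphen or path characters.
const OWNER_PATTERN = /^[A-Za-z0-9][A-Za-z0-9-]{0,38}$/;
const REPO_PATTERN = /^[A-Za-z0-9._-]{1,100}$/;

// Strict validator standing in for a zod object schema with `.strict()`:
// rejects non-objects, unknown keys, wrong types and out-of-range values,
// so a tool body only ever sees well-formed arguments.
export function validateGetIssueArgs(input: unknown): ValidationResult {
  if (typeof input !== "object" || input === null || Array.isArray(input)) {
    return { ok: false, error: "arguments must be a JSON object" };
  }
  const obj = input as Record<string, unknown>;
  const allowed = new Set(["owner", "repo", "issue_number"]);
  for (const key of Object.keys(obj)) {
    if (!allowed.has(key)) return { ok: false, error: `unknown key: ${key}` };
  }
  const { owner, repo, issue_number } = obj;
  if (typeof owner !== "string" || !OWNER_PATTERN.test(owner)) {
    return { ok: false, error: "owner must be a GitHub-style account name" };
  }
  if (typeof repo !== "string" || !REPO_PATTERN.test(repo)) {
    return { ok: false, error: "repo must be a GitHub-style repository name" };
  }
  if (
    typeof issue_number !== "number" ||
    !Number.isInteger(issue_number) ||
    issue_number < 1 ||
    issue_number > 1_000_000_000
  ) {
    return { ok: false, error: "issue_number must be a positive integer" };
  }
  return { ok: true, value: { owner, repo, issue_number } };
}

// Builds the outbound GitHub API request the tool would issue. The token is
// taken from the env binding at request time; it never appears in source and
// is never copied into the tool result returned to the model.
export function buildIssueRequest(
  env: Env,
  args: GetIssueArgs,
): { url: string; headers: Record<string, string> } {
  if (!env.GITHUB_TOKEN) {
    throw new Error("GITHUB_TOKEN binding is missing; set it with `wrangler secret put GITHUB_TOKEN`");
  }
  const url =
    `https://api.github.com/repos/${encodeURIComponent(args.owner)}` +
    `/${encodeURIComponent(args.repo)}/issues/${args.issue_number}`;
  return {
    url,
    headers: {
      Authorization: `Bearer ${env.GITHUB_TOKEN}`,
      Accept: "application/vnd.github+json",
    },
  };
}

// Constructed sample inputs (not captured traffic) exercising the validator.
export function demo(): Record<string, boolean> {
  return {
    wellFormed: validateGetIssueArgs({ owner: "cloudflare", repo: "workers-sdk", issue_number: 42 }).ok,
    extraKeyRejected: !validateGetIssueArgs({ owner: "cloudflare", repo: "workers-sdk", issue_number: 42, token: "x" }).ok,
    pathTraversalRejected: !validateGetIssueArgs({ owner: "../../admin", repo: "x", issue_number: 1 }).ok,
    stringNumberRejected: !validateGetIssueArgs({ owner: "cloudflare", repo: "x", issue_number: "42" }).ok,
  };
}
```

Rejecting unknown keys matters in an MCP tool because the model, not a human, composes the argument object; a permissive schema would let a hallucinated or injected extra field flow through untouched. Validation here says nothing about the issue body the request returns: that text should still be framed to the model as data, not instructions.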
Audit Metadata