cloudflare-turnstile
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): Templates correctly reference the official Cloudflare CDN (challenges.cloudflare.com) and verified npm packages (@marsidev/react-turnstile) for client-side integration.
- [COMMAND_EXECUTION] (SAFE): Includes a diagnostic shell script 'check-csp.sh' that uses 'curl' to inspect security headers. The script is a standard utility and does not execute remote code.
- [DATA_EXFILTRATION] (SAFE): Implementation patterns correctly direct sensitive verification requests only to the official Cloudflare Siteverify API endpoint.
- [CREDENTIALS_UNSAFE] (SAFE): The skill provides official, publicly documented Cloudflare dummy keys for development and testing. It correctly instructs users to manage production secrets via environment variables and secrets management systems like Wrangler.
Audit Metadata