cloudflare-vectorize
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The RAG implementation in templates/rag-chat.ts ingests untrusted data via the /ingest and /index routes, which is later interpolated into LLM prompts.
  1. Ingestion points: the 'documents' array in /ingest and the 'content' field in /index.
  2. Boundary markers: uses simple 'Context:' prefixes with string interpolation but lacks robust escaping or multi-layer delimiters.
  3. Capability inventory: the templates utilize env.AI (Llama-3 LLM) and env.VECTORIZE_INDEX.
  4. Sanitization: implements basic string truncation but no logic to strip embedded instructions.
- Prompt Injection (LOW): The /chat endpoint in templates/rag-chat.ts accepts a user-provided 'conversationHistory' array and spreads it directly into the LLM messages list. This pattern allows an attacker to inject system-role messages or craft a conversation state that bypasses the primary system instructions.
- General Security (SAFE): No evidence of hardcoded credentials, unauthorized exfiltration, or malicious persistence was detected. The referenced wrangler CLI tool is the official Cloudflare management package.
Audit Metadata