cloudflare-worker-builder
Audited by Socket on Feb 22, 2026
1 alert found:
Malware [Skill Scanner] Natural language instruction to download and install from URL detected

All findings:
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

BENIGN: The code fragment is a legitimate scaffolding/deployment workflow for Cloudflare Workers. It describes steps and configuration patterns consistent with its stated purpose and does not introduce credential access, suspicious network behavior, or hidden payloads.

LLM verification: The provided skill is an instructional scaffold for Cloudflare Workers. It contains no embedded malware or explicit data-exfiltration/backdoor code. The main security concerns are operational: unpinned npm installs (supply-chain risk) and guidance that instructs users to run external CLIs which will fetch and execute third-party code and use their Cloudflare credentials during deploy. Recommend pinning dependency versions, auditing installed packages, documenting secure credential handling, and