building-mcp-server-on-cloudflare

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Indirect Prompt Injection & Dynamic Execution (HIGH): The skill's example database query tool is directly vulnerable to SQL injection, and because the caller is an LLM, any prompt injection reaching the model becomes a SQL injection against the database.
  • Ingestion Point: The query_db tool in SKILL.md accepts a free-form sql string validated only by a z.string() schema, which constrains the type, not the content.
  • Capability: The server executes that string unchanged via this.env.DB.prepare(sql).all() against the bound D1 database.
  • Sanitization: None. The example shows no parameter binding, no allowlisting of statements or identifiers, and no escaping.
  • Risk: A malicious user, or an AI agent steered by injected content, can supply a crafted SQL string (e.g., '; DROP TABLE users; --) to destroy, modify or exfiltrate the entire database with whatever privileges the D1 binding holds.
  • External Downloads & Remote Code (MEDIUM): The skill instructs users to initialize projects from remote templates hosted by a source that is not on the predefined trusted list.
  • Evidence: npm create cloudflare@latest -- --template=cloudflare/ai/demos/... referenced in SKILL.md and references/examples.md.
  • Analysis: While Cloudflare is a known entity, it is not included in the specific [TRUST-SCOPE-RULE] whitelist provided in the instructions. Fetching and executing template code from cloudflare/ai at project-initialization time is therefore classified as a MEDIUM risk.
  • Trusted External Tools (LOW): The skill uses the official MCP inspector.
  • Evidence: npx @modelcontextprotocol/inspector@latest.
  • Analysis: This tool is maintained by the Model Context Protocol project (Anthropic), which is a trusted organization. This finding is downgraded to LOW per the [TRUST-SCOPE-RULE].
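The following is an added illustration of the HIGH finding above; it is not code from the audited skill or from Cloudflare. It puts the flagged tool body (raw sql string straight into prepare().all()) beside a hardened shape in which the model never supplies SQL text: it chooses a table and column from an allowlist and supplies a value that is bound as a parameter. The D1 binding is replaced by a small in-memory fake that only records what it was asked to run (an assumption, so the example runs offline; real D1 exposes the same prepare(sql).bind(...params).all() chain), and the table/column allowlist is a hypothetical schema.

```typescript
// Added example, not part of the audited skill. `FakeD1` stands in for the
// `this.env.DB` D1 binding and records every statement and its bound params.
type Row = Record<string, unknown>;
interface Executed { sql: string; params: unknown[] }

class FakeStatement {
  private params: unknown[] = [];
  constructor(private readonly sql: string, private readonly log: Executed[]) {}
  bind(...params: unknown[]): this { this.params = params; return this; }
  // Records synchronously, then resolves, so callers can inspect the log
  // without awaiting (a convenience of the fake, not a D1 property).
  all(): Promise<{ results: Row[] }> {
    this.log.push({ sql: this.sql, params: this.params });
    return Promise.resolve({ results: [] });
  }
}

class FakeD1 {
  readonly executed: Executed[] = [];
  prepare(sql: string): FakeStatement { return new FakeStatement(sql, this.executed); }
}

// 1. The pattern the audit flags: the tool's only input is a free-form `sql`
//    string (z.string() in the skill) and it reaches the database unchanged.
async function queryDbVulnerable(db: FakeD1, input: { sql: string }) {
  return db.prepare(input.sql).all();
}

// 2. Hardened shape. Identifiers cannot be bound as parameters, so they are
//    checked against an allowlist (hypothetical schema) before being quoted
//    into the statement; the caller's value is always a bound parameter.
//    A Map, not a plain object, so keys like "constructor" cannot match.
const ALLOWED = new Map<string, ReadonlySet<string>>([
  ["users", new Set(["id", "email"])],
  ["orders", new Set(["id", "user_id", "status"])],
]);
const MAX_ROWS = 200;

interface LookupInput { table: string; column: string; value: string; limit?: number }

function buildLookup(input: LookupInput): { sql: string; params: unknown[] } {
  const columns = ALLOWED.get(input.table);
  if (!columns) throw new Error(`table not allowed: ${input.table}`);
  if (!columns.has(input.column)) throw new Error(`column not allowed: ${input.column}`);
  // Clamp the row limit so the model cannot dump the whole table in one call.
  const limit = Math.min(Math.max(Math.trunc(input.limit ?? 50), 1), MAX_ROWS);
  const sql = `SELECT * FROM "${input.table}" WHERE "${input.column}" = ? LIMIT ?`;
  return { sql, params: [input.value, limit] };
}

async function queryDbHardened(db: FakeD1, input: LookupInput) {
  const { sql, params } = buildLookup(input);
  return db.prepare(sql).bind(...params).all();
}

// Feed the payload from the finding through both tools and report what the
// database actually received. Both tool bodies log before their first await,
// so the fake's log is complete as soon as the calls return.
const PAYLOAD = "'; DROP TABLE users; --";

function demo(): { vulnerable: Executed; hardened: Executed } {
  const db = new FakeD1();
  void queryDbVulnerable(db, { sql: `SELECT * FROM users WHERE email = ${PAYLOAD}` });
  void queryDbHardened(db, { table: "users", column: "email", value: PAYLOAD });
  return { vulnerable: db.executed[0], hardened: db.executed[1] };
}

const r = demo();
console.log("vulnerable ran:", r.vulnerable.sql);                  // payload is the statement
console.log("hardened ran:  ", r.hardened.sql, r.hardened.params); // payload is a bound value
```

In the vulnerable path the attacker's text is the statement; in the hardened path the statement text is a constant chosen by the server and the attacker's text is only ever a parameter value, and an attempt to name a table such as `users; DROP TABLE users` is rejected before any SQL is built.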
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:15 PM