cloudflare-worker
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill provides patterns for processing untrusted external data which, when combined with the skill's file/database write capabilities, creates an attack surface for indirect prompt injection.
- Ingestion points: The skill templates ingest untrusted data via
c.req.json()andc.req.param()(hono.md),batch.messages(queues-testing.md), andrequest.body(storage.md). - Boundary markers: No explicit boundary markers or 'ignore embedded instructions' warnings are included in the provided code templates.
- Capability inventory: The skill utilizes tools and code patterns with side-effect capabilities including
env.DB.run(D1 SQLite write),env.STORAGE.put(R2 Object storage write), and theBashtool for executingwranglerCLI commands. - Sanitization: While SQL patterns correctly use parameter binding, the R2 storage and queue processing patterns lack explicit sanitization or validation of untrusted input.
Audit Metadata