cloudflare-r2
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the official NPM registry. This is the legitimate tool for interacting with the Membrane platform. - [COMMAND_EXECUTION]: The skill utilizes the
membranecommand-line interface to perform actions like searching for connectors, managing connections, and running integration actions. These commands are local to the user's environment and used for their intended administrative purposes. - [DATA_EXFILTRATION]: While the skill involves network operations to Cloudflare R2 and Membrane's proxy, these are documented functional requirements for object storage management. The skill explicitly advises against manual credential handling, recommending Membrane's built-in OAuth/token management instead.
- [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes data from Cloudflare R2.
- Ingestion points: Data retrieved from Cloudflare R2 buckets through
membrane action runormembrane request(SKILL.md). - Boundary markers: No specific boundary markers or 'ignore' instructions are provided for processed data.
- Capability inventory: The skill can execute shell commands via the
membraneCLI and perform network operations (SKILL.md). - Sanitization: No explicit sanitization or validation of data retrieved from external APIs is mentioned.
Audit Metadata