workers-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches documentation and best practices from official Cloudflare domains (developers.cloudflare.com) and retrieves the latest type definitions via the NPM registry (@cloudflare/workers-types). These are trusted sources required for the skill's primary function and do not represent a security risk.
- [COMMAND_EXECUTION]: The skill utilizes shell commands such as
npm packandtarto download and extract type definitions into a temporary directory for analysis. These commands are used for legitimate utility purposes to ensure the agent uses the most up-to-date API signatures. - [SAFE]: No malicious patterns, obfuscation, or data exfiltration attempts were identified. The skill promotes platform-specific security best practices, such as the use of constant-time comparisons and secure secret management.
Audit Metadata