agents-sdk

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [Dynamic Execution] (HIGH): The skill documentation explicitly promotes 'Code Mode,' which generates and executes JavaScript at runtime to replace tool calls. This introduces a significant risk if the generating model is influenced by untrusted input, potentially leading to arbitrary code execution within the Cloudflare Worker environment.
  • [Indirect Prompt Injection] (HIGH):
      • Ingestion points: Untrusted data enters via onChatMessage in the AIChatAgent implementation.
      • Boundary markers: None identified in the provided documentation or code examples.
      • Capability inventory: The agent has capabilities for SQL execution (this.sql), task scheduling (this.schedule), and dynamic code execution ('Code Mode').
      • Sanitization: No evidence of input sanitization or output validation is provided, creating a path for attackers to escalate chat-based instructions into database or system operations.
  • [Data Exposure & Exfiltration] (MEDIUM): The use of this.sql template literals for database queries provides a direct interface to underlying storage. While typical Cloudflare drivers parameterize these, the lack of explicit schema enforcement or validation at the SDK layer poses a risk of unauthorized data exposure if exploited via prompt injection.
  • [Metadata Poisoning] (LOW): An automated scanner flagged this.ca as a malicious URL. Analysis indicates this is a false positive triggered by the method string this.cancelSchedule(id) being misinterpreted as a domain.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:12 PM