building-mcp-server-on-cloudflare

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill's example database query tool executes caller-supplied SQL verbatim, so any client, or any prompt that can steer the model's tool calls, can run arbitrary statements against the database.
  • Evidence (SKILL.md): The query_db tool implementation calls this.env.DB.prepare(sql).all(), where sql is the raw string taken directly from the tool arguments.
  • Ingestion points: the sql parameter of the query_db tool.
  • Capability inventory: Database execution via env.DB.prepare.
  • Sanitization: None. The argument string reaches prepare() unchanged; there is no allow-list of statements and no parameter binding, so the caller controls the full statement text rather than just a value inside it.
  • Risk: Arbitrary SQL execution against the linked Cloudflare D1 database, allowing whoever controls the tool call (including an attacker who reaches the model through prompt injection) to read, modify, or delete all of its data. A D1 binding carries full read/write access to the database, so the constraint has to be on the statement text itself rather than on a restricted database role.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the user to fetch and execute remote templates and tools without pinning or verifying them.
  • Evidence: SKILL.md and references/examples.md instruct the user to run npm create cloudflare@latest and npx @modelcontextprotocol/inspector@latest.
  • Risk: Neither the cloudflare nor the @modelcontextprotocol organization is on the pre-defined list of trusted sources, so these are unverifiable remote dependencies. Both commands also resolve @latest at run time, so the code that executes is whatever the registry serves at that moment rather than a pinned, reviewed version.
  • [CREDENTIALS_UNSAFE] (LOW): Guidance on handling OAuth secrets includes debugging advice that can lead to secret exposure in logs.
  • Evidence: references/troubleshooting.md suggests printing environment keys and checking secret lists for debugging.
  • Risk: Listing the names of bound secrets is not itself a leak; the exposure comes when troubleshooting extends to printing their values, which then land in console output and in any log pipeline that captures it, unencrypted and outside the secret store.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:34 PM