NYC

cloudflare-agents

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
Flags: PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill demonstrates an indirect prompt injection surface (Category 8) in several templates.
  • Ingestion points: templates/browser-agent.ts (scraped HTML via Puppeteer) and templates/rag-agent.ts (retrieved context from Vectorize).
  • Boundary markers: Absent. Untrusted data is concatenated directly into prompt strings (e.g., Extract product information ... from this HTML: ${bodyContent}).
  • Capability inventory: The agents have the ability to make outbound network calls to AI providers (OpenAI, Anthropic) and perform automated browser actions.
  • Sanitization: No sanitization or escaping of the external data is performed before it is sent to the LLM.
  • EXTERNAL_DOWNLOADS (SAFE): The skill utilizes legitimate, well-known packages for its functionality, including @cloudflare/puppeteer and the Vercel AI SDK (ai). All imports are from trusted organizations.
  • COMMAND_EXECUTION (SAFE): While the skill uses browser automation (Puppeteer), this is limited to the intended functionality of scraping and screenshots within Cloudflare's sandboxed rendering environment.
  • CREDENTIALS_UNSAFE (SAFE): No hardcoded secrets were found. The templates correctly utilize environment variable bindings (e.g., this.env.OPENAI_API_KEY) for sensitive credentials.
  • FALSE POSITIVE ALERT: The automated scanner's detection of this.ca is a false positive. It is likely a result of the scanner misinterpreting code snippets such as this.calculateApprovalRate() in hitl-agent.ts or this.cancelSchedule() in scheduled-agent.ts as a domain.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 17, 2026, 05:59 PM