cloudflare-queues
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): Skill references standard Node.js development dependencies including hono, wrangler, and cloudflare-worker-base for Cloudflare Worker development.
- [PROMPT_INJECTION] (LOW): Detected surface for indirect prompt injection in templates/queues-retry-with-delay.ts. 1. Ingestion points: message.body in the queue handler. 2. Boundary markers: Absent in provided templates. 3. Capability inventory: fetch() to arbitrary URLs, D1Database access, and KVNamespace access. 4. Sanitization: Absent in the callExternalAPI function for the data.url parameter, creating a potential SSRF surface if message contents are untrusted.
- [DATA_EXFILTRATION] (SAFE): Network calls in templates (Stripe, Resend) use environment variables and service bindings for authentication and target standard service endpoints.
- [COMMAND_EXECUTION] (SAFE): CLI references for wrangler are standard management operations necessary for the skill's primary function.
Audit Metadata