cloudflare-r2
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): Comprehensive review across all ten threat categories found no malicious behavior. The skill is instructional and provides boilerplate code for legitimate cloud storage operations.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded secrets were detected. The skill correctly instructs users to manage sensitive keys via environment variables and Cloudflare Wrangler secrets.
- [EXTERNAL_DOWNLOADS] (SAFE): The dependencies mentioned (hono, aws4fetch, etc.) are standard, reputable packages used for building Cloudflare Workers.
- [DATA_EXFILTRATION] (SAFE): Network communication within the templates is restricted to the user's own R2 storage endpoints on cloudflarestorage.com.
- [PROMPT_INJECTION] (SAFE): Category 8 analysis: 1. Ingestion points: Filenames and object bodies (r2-simple-upload.ts). 2. Boundary markers: Absent in basic templates. 3. Capability inventory: R2 CRUD operations (r2-simple-upload.ts). 4. Sanitization: Relies on native R2 binding validation. As the skill is a storage utility, this represents a standard functional surface rather than a malicious intent.
Audit Metadata