cloudflare-vectorize
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The RAG chatbot template in `templates/rag-chat.ts` is vulnerable to indirect prompt injection. It retrieves documents from a vector database and interpolates their content directly into the system prompt for the LLM.
  - Ingestion points: User input `question` and vector database matches are ingested in `templates/rag-chat.ts` (lines 52 and 81).
  - Boundary markers: Minimal string separators (`---`) are used, which are insufficient to prevent an LLM from following instructions embedded within the retrieved data.
  - Capability inventory: The script uses `env.AI.run` to interact with the LLM.
  - Sanitization: No input sanitization or escaping is performed on the context data before prompt interpolation.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive file path access detected. The skill correctly utilizes Cloudflare environment bindings for database and AI services.
- [Obfuscation] (SAFE): No obfuscation, hidden Unicode characters, or encoded commands were found in the templates or documentation.
- [Unverifiable Dependencies] (SAFE): No external script downloads or third-party package installations are performed by the skill's code. Documentation refers to standard, official Cloudflare tools like `wrangler`.