The Agent Skills Directory

[COMMAND_EXECUTION]: Scripts scripts/r2-storage.ts and scripts/workers.ts use child_process.spawnSync to execute the curl command for handling multipart form data and binary transfers. While functionally necessary for Cloudflare API interaction, this grants a subprocess execution surface to the agent.
[DATA_EXFILTRATION]: The skill facilitates reading local files and uploading them to Cloudflare KV storage and R2 buckets. This capability creates a risk of exfiltrating sensitive local data, such as SSH keys or configuration secrets, if the agent is manipulated into uploading them to an attacker-controlled Cloudflare account.
[CREDENTIALS_UNSAFE]: The installation instructions and utility code encourage users to store their CLOUDFLARE_API_KEY in a plain-text .env file within the project root. This common pattern exposes credentials to risk if the agent is granted read access to the project environment.
[PROMPT_INJECTION]: The skill lacks boundary markers for its file ingestion processes, making it vulnerable to indirect prompt injection. 1. Ingestion points: kv-storage.ts (bulk-write), r2-storage.ts (upload), workers.ts (deploy). 2. Boundary markers: Absent. 3. Capability inventory: Subprocess curl calls, arbitrary local file read/write, and Cloudflare API access. 4. Sanitization: Cloudflare resource names are validated, but the contents of the files being processed are not sanitized or escaped.

Cloudflare Manager