cloudflare-agents
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. Several templates ingest untrusted external data and interpolate it directly into LLM prompts without robust sanitization or boundary markers.
  - Ingestion points: templates/browser-agent.ts (scraped HTML) and templates/rag-agent.ts (retrieved vector context).
  - Boundary markers: Absent. Data is interpolated using simple string templates.
  - Capability inventory: The agents have the capability to execute network requests, access SQL databases, and control browser instances.
  - Sanitization: Absent. BrowserAgent.ts only applies a character slice, which does not prevent adversarial instructions.
- [DATA_EXFILTRATION] (LOW): Potential for SSRF and Network Access. The BrowserAgent.ts template uses Puppeteer to navigate to arbitrary URLs provided in the request body. If the Cloudflare Worker environment is not isolated from internal services, this could be exploited as a Server-Side Request Forgery (SSRF) vector.
- [EXTERNAL_DOWNLOADS] (SAFE): Trusted Dependencies. The skill references well-known and reputable packages from standard registries, including @cloudflare/puppeteer and various AI SDKs. No malicious or obfuscated remote code execution patterns were detected.
Audit Metadata