cloudflare-email-routing
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Analysis of the instructions and code templates reveals standard development practices for the Cloudflare Workers platform. The instructions accurately reflect official Cloudflare documentation and common troubleshooting scenarios.
- [EXTERNAL_DOWNLOADS]: The skill references standard, versioned Node.js packages (
postal-mime@2.5.0,mimetext@3.0.27) which are established, well-known tools for email processing in the JavaScript ecosystem. - [COMMAND_EXECUTION]: Includes standard CLI commands for environment setup and deployment (
bun add,npx wrangler deploy) which are essential for developing and deploying Cloudflare Workers. - [INDIRECT_PROMPT_INJECTION]: The skill is designed to process untrusted external data (incoming emails). While this is a known attack surface, the provided code templates implement standard parsing and routing logic and do not interpolate untrusted data into LLM contexts, which mitigates the risk within the scope of this skill's provided templates.
- Ingestion points: Incoming emails are processed in
src/email.tsand varioustemplates/*.tsfiles via theemailhandler. - Boundary markers: Not applicable for these standalone code templates.
- Capability inventory: Templates use
message.forward(),env.SES.send(), andenv.DBcalls intemplates/send-notification.tsandtemplates/receive-reply.ts. - Sanitization: Basic email format validation is provided in
templates/send-notification.ts.
Audit Metadata