The Agent Skills Directory

[COMMAND_EXECUTION] (MEDIUM): The script scripts/analyze-logs.sh is vulnerable to shell command injection. It constructs a command string using the --search argument ($SEARCH_TERM) and executes it using eval "$cmd". If an agent or user passes untrusted input containing shell metacharacters (e.g., backticks or semicolons) as a search term, it could lead to arbitrary command execution.
[PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes untrusted data from HTTP requests for logging and analytics purposes.
Ingestion points: Untrusted data enters via the Request object in templates/logging-setup.ts and TailEvent arrays in templates/tail-worker.ts.
Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are present to protect downstream LLMs that might consume these logs.
Capability inventory: The skill utilizes fetch for data exfiltration to logging endpoints (configured by the user) and executes shell commands via scripts using wrangler and jq.
Sanitization: The skill includes a robust redact function that masks common sensitive keys like password, token, secret, and authorization to prevent credential exposure.
[SAFE] (INFO): The automated security alert identifying logger.info as a malicious URL is a false positive. The scanner misinterpreted a standard JavaScript method call for logging as a blacklisted domain.

workers-observability