workers-runtime-apis
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [SAFE] (SAFE): Analysis of 11 files (documentation and templates) confirms that the skill is an educational resource for Cloudflare Workers developers. No indicators of prompt injection, obfuscation, or unauthorized data access were found.
- [COMMAND_EXECUTION] (INFO): The templates use the
fetchAPI for making network requests, which is the primary intended use of Cloudflare Workers. The code includes robust patterns such asAbortControllerfor timeouts and exponential backoff for retries. - [CREDENTIALS_UNSAFE] (INFO): Sensitive values are consistently accessed via the
envobject (e.g.,env.API_KEY,env.JWT_SECRET), aligning with Cloudflare's secure secrets management practices. No hardcoded production credentials were detected. - [DATA_EXFILTRATION] (INFO): While the skill enables network communication, all examples use placeholder domains (e.g.,
api.example.com) and are standard for API proxying or client-side interactions. - [REMOTE_CODE_EXECUTION] (INFO): No dynamic execution patterns (like
eval()ornew Function()) or unverifiable external dependencies were used. The code relies entirely on the built-in Cloudflare Workers runtime APIs.
Audit Metadata