cloudflare-assets
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the execution of a local shell script named `cf-assets.sh`. The agent is instructed to find this script on the filesystem and execute it with arguments for uploading, listing, or deleting files.
- [DATA_EXFILTRATION]: The skill's primary function is to transmit local data (files, images, videos) to an external third-party domain, `assets.yesy.site`. This domain is not recognized as a trusted vendor or well-known service in the provided security context.
- [EXTERNAL_DOWNLOADS]: The skill references an external API and documentation hosted at https://assets.yesy.site/docs.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by processing arbitrary user-provided files that are then handled by a local script and transmitted over the network.
  - Ingestion points: Local files identified by user-provided paths (e.g., `~/Downloads/photo.jpg`) in the `upload` command.
  - Boundary markers: The skill does not define specific boundary markers or 'ignore' instructions for the content of the files being processed.
  - Capability inventory: The skill has the ability to execute bash scripts (`cf-assets.sh`) and perform network requests (REST API) via `curl` or similar tools within the script.
  - Sanitization: No evidence of content sanitization or file validation is present in the skill instructions.
Audit Metadata