cloudwerk-handlers
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions found that attempt to override AI behavior or bypass safety filters.\n- Data Exposure & Exfiltration (SAFE): While it describes Cloudflare binding access, it follows standard practices. No hardcoded credentials or exfiltration to untrusted domains were found.\n- Obfuscation (SAFE): No encoded strings, hidden characters, or homoglyphs were detected.\n- Unverifiable Dependencies (SAFE): Mentions @cloudwerk/core and @cloudwerk/security; no untrusted remote code or script execution found.\n- Indirect Prompt Injection (SAFE): The skill instructs on handling dynamic data (e.g., URL parameters). This is a standard surface for web apps and no malicious instruction vectors were found.\n
- Ingestion points: rules/component-page-props.md (params.slug in loader function)\n
- Boundary markers: Not applicable to these code snippets\n
- Capability inventory: None (documentation-only skill with no scripts)\n
- Sanitization: Not shown in snippets; handled by the framework renderer.
Audit Metadata