cloudflare-workers
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill establishes an indirect prompt injection surface by scaffolding a web service that processes untrusted external data. Ingestion points: The fetch handler in src/index.js parses URLs, headers, and bodies from HTTP requests. Boundary markers: There are no boundary markers or instructions to ignore embedded commands in the provided templates. Capability inventory: The Worker has access to sensitive environment variables (env.API_KEY) and persistent storage (env.CACHE.put). Sanitization: The templates do not include input sanitization or validation logic to prevent malicious payloads from influencing downstream agent actions.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill directs the user to run 'npm create cloudflare@latest', which downloads and immediately executes a setup script from the npm registry. Since the source is not within the defined trusted scope, this is categorized as a high-risk remote execution pattern.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill depends on several external packages from the npm registry, including 'wrangler' and 'create-cloudflare', which are fetched at runtime.
- [COMMAND_EXECUTION] (LOW): The skill requires the execution of various shell commands for project initialization, local development, and production deployment using the wrangler CLI.
Recommendations
- AI detected serious security threats
Audit Metadata