cloudflare-3

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the 'wrangler' package via npm ('npm install -g wrangler'). Wrangler is the official CLI tool for Cloudflare, which is a well-known and trusted service provider. This dependency is considered standard and safe for its intended purpose.
  • [COMMAND_EXECUTION]: The skill provides numerous patterns for executing shell commands via the Wrangler CLI. These include deploying worker code ('wrangler deploy'), executing SQL commands or files ('wrangler d1 execute'), and managing secrets. While these are legitimate administrative tasks, they represent a capability tier that allows for remote code deployment and database manipulation.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection.
      • Ingestion points: The skill reads external data from SQL files ('schema.sql'), JSON secret files ('secrets.json'), and local files for R2 object storage.
      • Boundary markers: None are specified in the provided instructions to delimit external file content from agent instructions.
      • Capability inventory: The skill includes commands for remote code deployment ('wrangler deploy'), SQL execution ('wrangler d1 execute'), and file uploads ('wrangler r2 object put').
      • Sanitization: There is no evidence of sanitization or validation of the content within the files processed by the agent before they are passed to the CLI tools.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 12:24 AM