Skills
skills/tenequm/claude-plugins/cloudflare-workers/Gen Agent Trust Hub

cloudflare-workers

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The package.json and project.json files define a validate script that executes a Python utility located at a relative path outside the skill directory (../.claude/skills/skill-creator/scripts/quick_validate.py). This represents execution of code not bundled with the skill itself.
  • [EXTERNAL_DOWNLOADS]: The documentation encourages the installation of global CLI tools and the use of remote initialization scripts via npm install -g wrangler and npm create cloudflare@latest. These operations download and install software from the npm registry.
  • [REMOTE_CODE_EXECUTION]: The skill guides use npx wrangler and npm create cloudflare, which involve fetching and executing remote packages in the local environment.
  • [DATA_EXFILTRATION]: Instructions include commands like wrangler login and wrangler secret put, which facilitate the transmission of authentication tokens and sensitive environment variables to Cloudflare's infrastructure.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 7, 2026, 02:20 AM