cloudflare-workers-publish
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: Accesses the sensitive local file path `~/.claude/.secrets/op-service-account-token`. This file contains the 1Password service account token required for the skill to retrieve Cloudflare credentials. This is a documented requirement for the skill's functionality.
- [COMMAND_EXECUTION]: Executes the `npx wrangler` command to interact with the Cloudflare Workers API. Cloudflare is a well-known service provider.
- [EXTERNAL_DOWNLOADS]: Fetches and runs the Cloudflare `wrangler` CLI via `npx`. This is a trusted tool from a well-known organization.
- [REMOTE_CODE_EXECUTION]: Executes the bundled bash script `scripts/publish_static.sh` which manages the deployment workflow and invokes external tools.
- [PROMPT_INJECTION]: Susceptible to indirect prompt injection (Category 8) because the `scripts/publish_static.sh` script ingests local file paths and interpolates them into a generated `index.html` without sanitization. Evidence:
  1. Ingestion points: Local filesystem search via `find` command in `scripts/publish_static.sh`.
  2. Boundary markers: None.
  3. Capability inventory: Public network deployment via `npx wrangler deploy`.
  4. Sanitization: None; filenames are placed directly into HTML tags.
Audit Metadata