cloudflare-gen
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation relies on the npx ai-cloudflare command, which fetches the ai-cloudflare package from the public npm registry at runtime.
- [REMOTE_CODE_EXECUTION]: Execution via npx constitutes remote code execution, as the package is downloaded and executed in the local environment. The package ai-cloudflare is provided by 'LXGIC Studios' (referenced as the authoring studio in the text), which is not listed as a trusted vendor or well-known service.
- [COMMAND_EXECUTION]: The skill's primary functionality is delivered through shell command execution, specifically using the npx binary to run external tools.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it transforms untrusted user descriptions into executable code and configuration.
  - Ingestion points: User-provided plain English descriptions in the npx command arguments (e.g., in SKILL.md).
  - Boundary markers: No boundary markers or 'ignore' instructions are used to delimit user input from the generation logic.
  - Capability inventory: The tool generates Cloudflare Worker code capable of network operations, KV storage access, and R2 bucket interactions.
  - Sanitization: There is no evidence of input sanitization or validation of the generated code before it is presented to the user or deployed.