Skills
skills/thinkfleetai/thinkfleet-engine/cloudflare/Gen Agent Trust Hub

cloudflare

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl and jq to interact with the Cloudflare REST API and process JSON responses. These tools are executed via the system shell.\n- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it ingests and processes data from external API responses without explicit sanitization or delimitation.\n
  • Ingestion points: Output from Cloudflare API calls (zones, DNS records, Worker scripts) in SKILL.md.\n
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the prompts.\n
  • Capability inventory: The skill has the capability to execute shell commands (curl, jq) and perform network operations to a well-known service.\n
  • Sanitization: There is no evidence of data sanitization or validation of the content returned from the API before it is returned to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 05:14 AM