cloudflare-markdown
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted content from the internet (URLs) or provided HTML. This content is converted to Markdown and returned to the agent, creating a surface where malicious instructions on a webpage could influence the agent's behavior. * Ingestion points: The --url and --html parameters in render.bash. * Boundary markers: Absent; the script does not wrap output in delimiters or provide warnings. * Capability inventory: Accesses network (api.cloudflare.com) and reads from the macOS Keychain. * Sanitization: Uses jq for JSON structural integrity but performs no sanitization of the content itself.
- [Data Exposure] (LOW): The skill uses the macOS security command to retrieve API keys. While this is more secure than hardcoding, it permits the agent to access host-level system credentials.
- [Safe Practices] (SAFE): The shell script uses set -euo pipefail for error handling and jq for safe construction of JSON payloads, preventing command injection into the HTTP request.
Audit Metadata