cloudflare-doctor
Pass
Audited by Gen Agent Trust Hub on Jun 6, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions direct the agent to fetch live documentation from
developers.cloudflare.com. This is a well-known technical service and is used solely for retrieving up-to-date best practices and pricing information. - [COMMAND_EXECUTION]: The skill executes a bundled Python script (
scripts/cfdoctor_static_scan.py) to perform heuristic scans of the local repository. This script is read-only and designed for diagnostic purposes. - [DATA_EXPOSURE]: The bundled scanner script is designed to identify hardcoded secrets in the user's project (e.g., API tokens, database credentials). It includes logic to redact these values (
redacted_secret_line) before displaying findings, preventing the exposure of raw credentials in chat logs or output buffers. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data (user-provided project files and configuration) to generate an audit scaffold. This represents an indirect prompt injection surface; however, the skill mitigates this by using structured output formats, recommending human verification, and relying on official documentation for final prescriptions.
- Ingestion points: Processes project files,
wrangler.toml, and runtime code via the local scanner and agent file-read capabilities. - Boundary markers: Audit reports are structured with specific headers (
## Cloudflare Doctor audit,Source basis) to distinguish findings from general agent conversation. - Capability inventory: Limited to file reading and execution of the bundled Python script; mutation of Cloudflare account state is explicitly forbidden without user approval.
- Sanitization: The scanner script implements redaction for sensitive patterns discovered in input files.
Audit Metadata