cloudflare-doctor

Pass

Audited by Gen Agent Trust Hub on Jun 6, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions direct the agent to fetch live documentation from developers.cloudflare.com. This is a well-known technical service and is used solely for retrieving up-to-date best practices and pricing information.
  • [COMMAND_EXECUTION]: The skill executes a bundled Python script (scripts/cfdoctor_static_scan.py) to perform heuristic scans of the local repository. This script is read-only and designed for diagnostic purposes.
  • [DATA_EXPOSURE]: The bundled scanner script is designed to identify hardcoded secrets in the user's project (e.g., API tokens, database credentials). It includes logic to redact these values (redacted_secret_line) before displaying findings, preventing the exposure of raw credentials in chat logs or output buffers.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data (user-provided project files and configuration) to generate an audit scaffold. This represents an indirect prompt injection surface; however, the skill mitigates this by using structured output formats, recommending human verification, and relying on official documentation for final prescriptions.
  • Ingestion points: Processes project files, wrangler.toml, and runtime code via the local scanner and agent file-read capabilities.
  • Boundary markers: Audit reports are structured with specific headers (## Cloudflare Doctor audit, Source basis) to distinguish findings from general agent conversation.
  • Capability inventory: Limited to file reading and execution of the bundled Python script; mutation of Cloudflare account state is explicitly forbidden without user approval.
  • Sanitization: The scanner script implements redaction for sensitive patterns discovered in input files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 6, 2026, 12:58 AM
Security Audit — agent-trust-hub — cloudflare-doctor