cloudflare
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- Remote Code Execution (CRITICAL): The skill instructions explicitly direct users to pipe remote scripts from an untrusted domain (canifi.com) directly into bash (e.g., curl -sSL https://canifi.com/skills/cloudflare/install.sh | bash). This is a classic RCE pattern that allows for arbitrary code execution with the user's privileges.
- Credentials Unsafe (HIGH): The documentation encourages users to provide and store highly sensitive information, including SERVICE_PASSWORD and CLOUDFLARE_EMAIL, in environment variables. This practice exposes plaintext credentials to the agent and potentially other local processes.
- External Downloads (HIGH): The skill depends on remote assets from an unverified source (canifi.com), which is not part of the established trusted organizations or repositories list.
- Indirect Prompt Injection (LOW): The skill processes untrusted data from the Cloudflare dashboard. Evidence Chain:
  1. Ingestion points: Cloudflare dashboard via Playwright MCP.
  2. Boundary markers: Absent.
  3. Capability inventory: Browser automation, shell command execution via installation scripts.
  4. Sanitization: Absent.
  This creates a surface where malicious dashboard content could influence agent behavior.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/skills/cloudflare/install.sh, https://canifi.com/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata