cloudflare-agentic-inbox

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions involve cloning the source code from Cloudflare's official GitHub repository (github.com/cloudflare/agentic-inbox.git).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of processing untrusted incoming emails through an AI agent.
      • Ingestion points: Incoming emails are received via the email handler in worker/index.ts and stored within a Durable Object.
      • Boundary markers: There are no explicit delimiters or boundary markers shown in the prompt implementation to isolate the untrusted email content from system instructions.
      • Capability inventory: The AI agent in EmailAgentDurableObject has access to sensitive tools including read_inbox and send_email (via env.SEB).
      • Sanitization: The provided code snippets do not include sanitization or filtering logic to prevent malicious instructions embedded in email bodies from being interpreted by the AI.
Audit Metadata
Risk Level: SAFE
Analyzed: May 16, 2026, 11:51 PM