building-mcp-server-on-cloudflare

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npm create cloudflare which pulls templates from github.com/cloudflare/ai, a well-known repository from a trusted service provider. This is a standard and expected part of the project initialization workflow.
  • [PROMPT_INJECTION]: The query_db tool implementation in SKILL.md creates an indirect prompt injection surface by accepting a raw sql string parameter and executing it verbatim against the database binding (env.DB.prepare(sql).all()). Because the model chooses the tool arguments, anyone who can influence the model's context (a user message, retrieved content, or another tool's output) can have arbitrary SQL run against D1. The recommended evidence-chain protections are absent:
    1. Ingestion point: the sql parameter of query_db in SKILL.md.
    2. Boundary markers: no instructions in the code or prompt context tell the model to ignore embedded commands, and no server-side guard distinguishes intended queries from injected ones.
    3. Capability inventory: the tool can execute arbitrary SQL (read and write) against the Cloudflare D1 binding (env.DB).
    4. Sanitization: the code example has no parameter binding, input validation, or allowlisting; since the entire statement is caller-supplied, binding alone would not bound the capability, so the tool should expose a fixed set of named statements with typed, bound parameters (or at minimum a read-only binding).
  • [COMMAND_EXECUTION]: The skill instructs users to perform development tasks using tools like wrangler and npm, including deploying code to production environments (wrangler deploy) and running local testing environments. These commands are standard and necessary for the advertised functionality of the skill.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 26, 2026, 05:06 AM