host
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the wrangler CLI globally using npm. Wrangler is the official CLI tool for Cloudflare services and is a well-known dependency.
- [COMMAND_EXECUTION]: The skill executes provided shell scripts and the wrangler CLI to perform R2 operations and manage local history. It also utilizes Python for JSON processing.
- [DATA_EXFILTRATION]: The skill uploads user-selected files to an external Cloudflare R2 bucket. This is the primary function of the skill, and the destination is configured by the user.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it processes and hosts files identified from the current agent session.
- Ingestion points: Reads files provided by the user or identified in the agent's context.
- Boundary markers: None; file content is treated as data for upload.
- Capability inventory: Shell command execution, network uploads to Cloudflare, and writing to local history files.
- Sanitization: Object keys are slugified, but file contents are uploaded without inspection or sanitization.
Audit Metadata