python-cloudflare

Warn

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides misleading instructions to install the pywrangler package via pip to use as a deployment CLI. The pywrangler package currently on the public registry is a data-wrangling library and does not contain the init, dev, or deploy commands described. This pattern of recommending a package that does not match its stated functionality is a significant supply chain risk.
  • [EXTERNAL_DOWNLOADS]: The skill references unverifiable and non-standard dependencies such as workers-py in the pyproject.toml configuration, which are not part of the official Cloudflare development toolchain or runtime environment.
  • [DATA_EXFILTRATION]: The caching example in SKILL.md contains a Server-Side Request Forgery (SSRF) vulnerability. The code extracts a URL from the uri query parameter and passes it directly to the fetch command without validation, allowing the agent/worker to be used as a proxy to access internal or external network resources.
  • Ingestion points: params["uri"] extracted from the search parameters of the request URL in the caching example.
  • Boundary markers: Absent. The user-supplied URL is processed directly without delimiters or validation logic.
  • Capability inventory: js.fetch (network operation) is used to retrieve content from the supplied URL.
  • Sanitization: Absent. No validation or filtering is performed on the url variable before execution.
  • [CREDENTIALS_UNSAFE]: The FastAPI integration example includes a public /env endpoint that explicitly checks for and reveals the existence of a sensitive API_KEY in the environment. This practice facilitates credential discovery and information gathering for potential attackers.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 13, 2026, 03:39 AM
Security Audit — agent-trust-hub — python-cloudflare