python-cloudflare
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides misleading instructions to install the
pywranglerpackage via pip to use as a deployment CLI. Thepywranglerpackage currently on the public registry is a data-wrangling library and does not contain theinit,dev, ordeploycommands described. This pattern of recommending a package that does not match its stated functionality is a significant supply chain risk. - [EXTERNAL_DOWNLOADS]: The skill references unverifiable and non-standard dependencies such as
workers-pyin thepyproject.tomlconfiguration, which are not part of the official Cloudflare development toolchain or runtime environment. - [DATA_EXFILTRATION]: The caching example in
SKILL.mdcontains a Server-Side Request Forgery (SSRF) vulnerability. The code extracts a URL from theuriquery parameter and passes it directly to thefetchcommand without validation, allowing the agent/worker to be used as a proxy to access internal or external network resources. - Ingestion points:
params["uri"]extracted from the search parameters of the request URL in the caching example. - Boundary markers: Absent. The user-supplied URL is processed directly without delimiters or validation logic.
- Capability inventory:
js.fetch(network operation) is used to retrieve content from the supplied URL. - Sanitization: Absent. No validation or filtering is performed on the
urlvariable before execution. - [CREDENTIALS_UNSAFE]: The FastAPI integration example includes a public
/envendpoint that explicitly checks for and reveals the existence of a sensitiveAPI_KEYin the environment. This practice facilitates credential discovery and information gathering for potential attackers.
Audit Metadata