cloudflare-registrar

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The instructions in SKILL.md focus on enforcing a specific safety workflow (Search → Check → Confirm → Register). There are no attempts to bypass safety filters or override agent behavior maliciously.
  • [COMMAND_EXECUTION]: The skill uses local shell scripts to wrap curl commands for the Cloudflare API. Scripts include basic input validation to prevent JSON injection by rejecting quotes and backslashes in domain name arguments.
  • [EXTERNAL_DOWNLOADS]: The scripts communicate exclusively with Cloudflare's official API endpoints (api.cloudflare.com). This is a well-known and legitimate service for the skill's stated purpose.
  • [CREDENTIALS_UNSAFE]: The skill utilizes ACCOUNT_ID and CLOUDFLARE_API_TOKEN environment variables. It follows security best practices by explicitly instructing the user not to share these tokens in the chat and to export them in their shell environment instead.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 06:27 AM
Security Audit — agent-trust-hub — cloudflare-registrar