cloudflare-registrar
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The instructions in SKILL.md focus on enforcing a specific safety workflow (Search → Check → Confirm → Register). There are no attempts to bypass safety filters or override agent behavior maliciously.
- [COMMAND_EXECUTION]: The skill uses local shell scripts to wrap
curlcommands for the Cloudflare API. Scripts include basic input validation to prevent JSON injection by rejecting quotes and backslashes in domain name arguments. - [EXTERNAL_DOWNLOADS]: The scripts communicate exclusively with Cloudflare's official API endpoints (
api.cloudflare.com). This is a well-known and legitimate service for the skill's stated purpose. - [CREDENTIALS_UNSAFE]: The skill utilizes
ACCOUNT_IDandCLOUDFLARE_API_TOKENenvironment variables. It follows security best practices by explicitly instructing the user not to share these tokens in the chat and to export them in their shell environment instead.
Audit Metadata