pp-cloudflare

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches executable binaries from vendor-hosted repositories. Uses go install to download cloudflare-pp-cli and cloudflare-pp-mcp from github.com/mvanhorn/printing-press-library. Uses npx to run the installer from @mvanhorn/printing-press-library.
  • [COMMAND_EXECUTION]: Provides instructions to execute shell commands for extensive Cloudflare management. Includes a --deliver file: argument that allows the CLI to write its output directly to the local file system.
  • [DATA_EXFILTRATION]: Features a built-in mechanism to send data to remote servers. The --deliver webhook: flag enables POSTing command results to any specified URL, which could be used to exfiltrate sensitive account or configuration details.
  • [PROMPT_INJECTION]: Susceptible to indirect prompt injection due to its processing of external data.
      • Ingestion points: Cloudflare API responses (DNS, accounts, workers, etc.) via cloudflare-pp-cli.
      • Boundary markers: Absent.
      • Capability inventory: File system writes (--deliver file:), network requests (--deliver webhook:), and shell execution (cloudflare-pp-cli).
      • Sanitization: None mentioned.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 12, 2026, 09:32 PM
Security Audit — agent-trust-hub — pp-cloudflare