cloudflare
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- Standard Tool and Script Integration: The skill provides numerous examples for setting up and using official Cloudflare tools and libraries. This includes instructions for installing CLI utilities and integrating client-side scripts for services like Turnstile and Web Analytics, all sourced from trusted Cloudflare domains.
- Secure Credential Management: Throughout the reference files, there is a consistent emphasis on security when handling sensitive data. Examples demonstrate the use of the Cloudflare Secrets Store and environment variables rather than hardcoding credentials. For instance, the `references/api/configuration.md` and `references/secrets-store/api.md` files provide clear patterns for async secret retrieval.
- Input Validation and Injection Prevention: The skill explicitly instructs on preventing common vulnerabilities. The database documentation in `references/d1/api.md` mandates the use of prepared statements to mitigate SQL injection risks, and `references/workers/patterns.md` demonstrates using Zod for robust request validation.
- Isolated Execution Patterns: The documentation for products intended for dynamic code execution, such as the Cloudflare Sandbox, correctly identifies these as isolated environments. For example, `references/sandbox/patterns.md` illustrates the installation of development tools within these containers while noting their ephemeral nature to maintain security boundary integrity.
- Use of Well-Known CDNs: The skill includes patterns for importing libraries from established and reputable content delivery networks like `esm.sh` for prototyping, which is standard practice in the modern web development ecosystem.
Audit Metadata