cloudflare-tunnel
Warn
Audited by Gen Agent Trust Hub on Jul 9, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill extensively uses shell commands through the
Bashtool to create tunnels, route DNS, and manage system services usinglaunchctl. - [PERSISTENCE_MECHANISMS]: The skill provides detailed instructions to install the
cloudflaredprocess as a persistent background service using a macOS Launch Agent (~/Library/LaunchAgents/com.cloudflare.cloudflared.plist), which ensures the process starts automatically at login. - [PROMPT_INJECTION]: The skill uses placeholders such as
<username>,<app>, and<your-domain>within shell command templates. This presents a surface for indirect prompt injection if an attacker-controlled string is used to fill these variables without proper escaping. - Ingestion points: Template variables in
SKILL.mdmeant for agent interpolation. - Boundary markers: None present to isolate variables from the executable command structure.
- Capability inventory:
Bash(subprocess execution) andWrite/Edit(file system modification). - Sanitization: No sanitization or validation logic is defined for the interpolated values.
- [DATA_EXFILTRATION]: The skill accesses and manages sensitive authentication files in the
~/.cloudflared/directory, includingcert.pemand tunnel credentials stored in JSON format, which are required for the tunnel to function. - [EXTERNAL_DOWNLOADS]: Recommends the installation of the
cloudflaredbinary using Homebrew (brew install cloudflared), a standard installation method for the official Cloudflare utility.
Audit Metadata