cloudflare-mcp-server
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is entirely educational and functional, providing boilerplate code and extensive documentation for Cloudflare Workers. No malicious patterns, obfuscation, or unauthorized data access were detected.
- [CREDENTIALS_SAFE]: The templates correctly use placeholders for sensitive information such as account IDs, API keys, and database IDs. The documentation explicitly instructs users to manage secrets using Cloudflare's environment variables and the wrangler secret command rather than hardcoding them.
- [COMMAND_EXECUTION]: References to shell commands (e.g., wrangler deploy, curl) are standard developer tools for the Cloudflare ecosystem and are provided as instructions for the user to execute manually.
- [INDIRECT_PROMPT_INJECTION]: The skill promotes a defensive architecture by using the Zod library for strict schema validation of all tool parameters. This effectively reduces the attack surface for indirect prompt injection by ensuring that only well-formed data reaches the server logic.
- [DATA_EXFILTRATION]: There are no patterns suggesting data exfiltration. The network requests shown (e.g., GitHub API via Octokit, Workers AI, D1 queries) are aligned with the stated purpose of the templates.
Audit Metadata