cloudflare
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external websites via the `cf_browser.py` script. Malicious instructions embedded in scraped web pages could potentially influence the agent's behavior.
  - Ingestion points: `scripts/cf_browser.py` output (markdown, HTML, and JSON data fetched from external URLs).
  - Boundary markers: Absent. The skill does not provide specific delimiters or instructions to the agent to isolate scraped content from its primary directives.
  - Capability inventory: The agent has extensive permissions to manage Cloudflare infrastructure, including deploying worker code, modifying D1 databases, and managing R2 storage buckets via the `wrangler` CLI.
  - Sanitization: Absent. The helper script returns the output of the Cloudflare Browser Rendering API without additional filtering or content validation.
- [COMMAND_EXECUTION]: The skill executes the `wrangler` CLI to manage Cloudflare services and runs a local Python helper script (cf_browser.py) for web scraping and data extraction tasks.
- [EXTERNAL_DOWNLOADS]: The skill interacts with Cloudflare's official REST API to perform management and rendering tasks. It also facilitates the installation of official Cloudflare-maintained packages and tools through standard package managers.