cloudflare
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill acts as an educational and operational resource for Cloudflare's global network and developer platform. It promotes secure design principles, including Zero Trust architecture and post-quantum cryptography transition strategies. It correctly instructs users to manage secrets via the CLI rather than hardcoding them in scripts.
- [EXTERNAL_DOWNLOADS]: The documentation provides instructions to install the official Cloudflare CLI tools,
wranglerandcloudflared, using trusted package managers such as npm and Homebrew. These are well-known developer tools essential for the stated purpose of the skill. - [COMMAND_EXECUTION]: The skill contains a detailed reference for the
wranglerCLI, which is used for project initialization, local development, and deploying resources to the Cloudflare network. All listed commands are standard and legitimate for Cloudflare platform management. - [PROMPT_INJECTION]: Code examples in
references/examples.mddemonstrate ingesting untrusted user data via HTTP requests and search parameters (e.g.,request.json()andurl.searchParams.get()). This represents a standard attack surface for web applications. The skill addresses this by documenting best practices for identity verification and access control headers (e.g.,CF-Access-Authenticated-User-Email) to ensure secure data handling.
Audit Metadata