agents-sdk
Enables the creation of AI agents on Cloudflare Workers, supporting stateful interactions, workflows, and real-time applications.
Install this skill
or
31/100
Security score
The agents-sdk skill was audited on May 26, 2026 and we found 39 security issues across 3 threat categories, including 1 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
high line 156
Template literal with variable interpolation in command context
SourceSKILL.md
| 156 | | SQL query | `` this.sql`SELECT * FROM users WHERE id = ${id}` `` | |
medium line 181
Template literal with variable interpolation in command context
SourceSKILL.md
| 181 | onIdentity: (name, agentType) => console.log(`Connected to ${name}`) |
medium line 42
Webhook reference - potential data exfiltration
SourceSKILL.md
| 42 | | Webhooks | [Webhooks](https://developers.cloudflare.com/agents/api-reference/webhooks/) | Receiving external webhooks | |
medium line 68
Webhook reference - potential data exfiltration
SourceSKILL.md
| 68 | - **Webhooks** — Receive and verify external webhooks |
medium line 214
Webhook reference - potential data exfiltration
SourceSKILL.md
| 214 | - **[references/webhooks-push.md](references/webhooks-push.md)** — Webhooks, push notifications |
low line 12
External URL reference
SourceSKILL.md
| 12 | Cloudflare docs: https://developers.cloudflare.com/agents/ |
low line 16
External URL reference
SourceSKILL.md
| 16 | | Getting started | [Quick start](https://developers.cloudflare.com/agents/getting-started/quick-start/) | First agent, project setup | |
low line 17
External URL reference
SourceSKILL.md
| 17 | | Adding to existing project | [Add to existing project](https://developers.cloudflare.com/agents/getting-started/add-to-existing-project/) | Install into existing Workers app | |
low line 18
External URL reference
SourceSKILL.md
| 18 | | Configuration | [Configuration](https://developers.cloudflare.com/agents/api-reference/configuration/) | `wrangler.jsonc`, bindings, assets, deployment | |
low line 19
External URL reference
SourceSKILL.md
| 19 | | Agent class | [Agents API](https://developers.cloudflare.com/agents/api-reference/agents-api/) | Agent lifecycle, patterns, pitfalls | |
low line 20
External URL reference
SourceSKILL.md
| 20 | | State | [Store and sync state](https://developers.cloudflare.com/agents/api-reference/store-and-sync-state/) | `setState`, `validateStateChange`, persistence | |
low line 21
External URL reference
SourceSKILL.md
| 21 | | Routing | [Routing](https://developers.cloudflare.com/agents/api-reference/routing/) | URL patterns, `routeAgentRequest` | |
low line 22
External URL reference
SourceSKILL.md
| 22 | | Callable methods | [Callable methods](https://developers.cloudflare.com/agents/api-reference/callable-methods/) | `@callable`, RPC, streaming, timeouts | |
low line 23
External URL reference
SourceSKILL.md
| 23 | | Scheduling | [Schedule tasks](https://developers.cloudflare.com/agents/api-reference/schedule-tasks/) | `schedule()`, `scheduleEvery()`, cron | |
low line 24
External URL reference
SourceSKILL.md
| 24 | | Workflows | [Run workflows](https://developers.cloudflare.com/agents/api-reference/run-workflows/) | `AgentWorkflow`, durable multi-step tasks | |
low line 25
External URL reference
SourceSKILL.md
| 25 | | HTTP/WebSockets | [WebSockets](https://developers.cloudflare.com/agents/api-reference/websockets/) | Lifecycle hooks, hibernation | |
low line 26
External URL reference
SourceSKILL.md
| 26 | | Chat agents | [Chat agents](https://developers.cloudflare.com/agents/api-reference/chat-agents/) | `AIChatAgent`, streaming, tools, persistence | |
low line 27
External URL reference
SourceSKILL.md
| 27 | | Client SDK | [Client SDK](https://developers.cloudflare.com/agents/api-reference/client-sdk/) | `useAgent`, `useAgentChat`, React hooks | |
low line 28
External URL reference
SourceSKILL.md
| 28 | | Client tools | [Client tools](https://developers.cloudflare.com/agents/api-reference/client-tools/) | Client-side tools, `autoContinueAfterToolResult` | |
low line 29
External URL reference
SourceSKILL.md
| 29 | | Server-driven messages | [Trigger patterns](https://developers.cloudflare.com/agents/api-reference/trigger-patterns/) | `saveMessages`, `waitUntilStable`, server-initiated turns | |
low line 30
External URL reference
SourceSKILL.md
| 30 | | Resumable streaming | [Resumable streaming](https://developers.cloudflare.com/agents/api-reference/resumable-streaming/) | Stream recovery on disconnect | |
low line 31
External URL reference
SourceSKILL.md
| 31 | | Email | [Email](https://developers.cloudflare.com/agents/api-reference/email/) | Email routing, secure reply resolver | |
low line 32
External URL reference
SourceSKILL.md
| 32 | | MCP client | [MCP client](https://developers.cloudflare.com/agents/api-reference/mcp-client-api/) | Connecting to MCP servers | |
low line 33
External URL reference
SourceSKILL.md
| 33 | | MCP server | [MCP server](https://developers.cloudflare.com/agents/api-reference/mcp-agent-api/) | Building MCP servers with `McpAgent` | |
low line 34
External URL reference
SourceSKILL.md
| 34 | | MCP transports | [MCP transports](https://developers.cloudflare.com/agents/api-reference/mcp-transports/) | Streamable HTTP, SSE, RPC transport options | |
low line 35
External URL reference
SourceSKILL.md
| 35 | | Securing MCP servers | [Securing MCP](https://developers.cloudflare.com/agents/api-reference/securing-mcp-servers/) | OAuth, proxy MCP, hardening | |
low line 36
External URL reference
SourceSKILL.md
| 36 | | Human-in-the-loop | [Human-in-the-loop](https://developers.cloudflare.com/agents/concepts/human-in-the-loop/) | Approval flows, `needsApproval`, workflows | |
low line 37
External URL reference
SourceSKILL.md
| 37 | | Durable execution | [Durable execution](https://developers.cloudflare.com/agents/api-reference/durable-execution/) | `runFiber()`, `stash()`, surviving DO eviction | |
low line 38
External URL reference
SourceSKILL.md
| 38 | | Queue | [Queue](https://developers.cloudflare.com/agents/api-reference/queue-tasks/) | Built-in FIFO queue, `queue()` | |
low line 39
External URL reference
SourceSKILL.md
| 39 | | Retries | [Retries](https://developers.cloudflare.com/agents/api-reference/retries/) | `this.retry()`, backoff/jitter | |
low line 40
External URL reference
SourceSKILL.md
| 40 | | Observability | [Observability](https://developers.cloudflare.com/agents/api-reference/observability/) | Diagnostics-channel events | |
low line 41
External URL reference
SourceSKILL.md
| 41 | | Push notifications | [Push notifications](https://developers.cloudflare.com/agents/api-reference/push-notifications/) | Web Push + VAPID from agents | |
low line 42
External URL reference
SourceSKILL.md
| 42 | | Webhooks | [Webhooks](https://developers.cloudflare.com/agents/api-reference/webhooks/) | Receiving external webhooks | |
low line 43
External URL reference
SourceSKILL.md
| 43 | | Cross-domain auth | [Cross-domain auth](https://developers.cloudflare.com/agents/api-reference/cross-domain-authentication/) | WebSocket auth, tokens, CORS | |
low line 44
External URL reference
SourceSKILL.md
| 44 | | Readonly connections | [Readonly](https://developers.cloudflare.com/agents/api-reference/readonly-connections/) | `shouldConnectionBeReadonly` | |
low line 45
External URL reference
SourceSKILL.md
| 45 | | Voice | [Voice](https://developers.cloudflare.com/agents/api-reference/voice/) | Experimental STT/TTS, `withVoice` | |
low line 46
External URL reference
SourceSKILL.md
| 46 | | Browse the web | [Browser tools](https://developers.cloudflare.com/agents/api-reference/browse-the-web/) | Experimental CDP browser automation | |
low line 47
External URL reference
SourceSKILL.md
| 47 | | Think | [Think](https://developers.cloudflare.com/agents/api-reference/think/) | Experimental higher-level chat agent class | |
low line 48
External URL reference
SourceSKILL.md
| 48 | | Migrations | [AI SDK v5](https://developers.cloudflare.com/agents/guides/migration-to-ai-sdk-v5/), [AI SDK v6](https://developers.cloudflare.com/agents/guides/migration-to-ai-sdk-v6/) | Upgrading `@ |
Scanned on May 26, 2026
View Security Dashboard