
Cloudflare cloudflare-one — agentic threat model

AIVSS 8.1 · High

This agent skill provides guidance on highly sensitive Zero Trust and network security configurations; while it primarily acts as an advisory tool, any poisoning of its knowledge base or generation of flawed configurations poses a severe risk to network perimeter security.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 7.5
AARS uplift: 0.6
Factor sum: 2.4 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors (each scored 0.0 to 1.0):
Autonomy of Action: 0.20
Goal-Driven Planning: 0.30
Self-Modification: 0.00
Dynamic Tool Use: 0.20
Persistent Memory: 0.10
Contextual Awareness: 0.50
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.30
Non-Determinism: 0.40
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — The specific foundation model is not disclosed. Adversarial prompt injection could lead the model to output insecure configuration recommendations for Cloudflare Tunnels or Access policies.

L2 · Data Operations · ✓ mapped

The skill injects Cloudflare One configuration guidance and best practices. If the source repository or the RAG pipeline feeding this guidance is poisoned, attackers could trick users into deploying backdoored tunnels or overly permissive access policies.

L3 · Agent Frameworks · ⚠ not certain from listing

Not certain from the listing — The orchestration framework is not specified. If the hosting agent executes the generated Cloudflare configurations or API calls automatically, insecure tool integration could allow remote command execution or unauthorized network modifications.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — The deployment environment is not described. Since this is an open-source skill, the hosting infrastructure's security depends entirely on the end-user's deployment environment.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — There is no mention of built-in evaluation, guardrails, or logging mechanisms to detect anomalous or malicious configuration recommendations.
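The L2 and L5 findings both come down to the same missing control: nothing checks a generated recommendation before a human or a hosting agent applies it. Below is an added example of such a guardrail, written here for illustration and not part of the skill or of Cloudflare's tooling. It assumes the skill's output can be parsed as JSON containing Cloudflare Access policies (Access API shape: `decision`, `include`, `require`) and a cloudflared ingress configuration (`ingress` rules with `originRequest.noTLSVerify`); both shapes and the sample values are constructed assumptions, and a real deployment would lint whatever the hosting agent actually emits.

```python
"""Guardrail: lint a generated Cloudflare One recommendation before it is applied.

Assumed shapes (constructed for this example):
  {"access_policies": [<Access policy>, ...], "tunnel_config": <cloudflared config>}
"""
import json
from typing import Any, Dict, List

# Constructed sample of a poisoned recommendation: an allow-everyone Access
# policy and a tunnel ingress that turns off origin TLS verification.
SAMPLE_RECOMMENDATION = json.dumps({
    "access_policies": [
        {"name": "internal-admin", "decision": "allow",
         "include": [{"everyone": {}}], "require": []},
    ],
    "tunnel_config": {
        "tunnel": "PLACEHOLDER-TUNNEL-ID",
        "ingress": [
            {"hostname": "admin.example.com", "service": "https://localhost:8443",
             "originRequest": {"noTLSVerify": True}},
            {"service": "http_status:404"},
        ],
    },
})


def lint_access_policy(policy: Dict[str, Any]) -> List[str]:
    """Flag allow decisions that admit everyone without a second (require) factor."""
    findings: List[str] = []
    name = policy.get("name", "<unnamed>")
    if policy.get("decision") == "allow":
        opens_to_everyone = any("everyone" in rule for rule in policy.get("include", []))
        if opens_to_everyone and not policy.get("require"):
            findings.append(f"access policy {name!r}: allow + include everyone with no require rule")
    return findings


def lint_tunnel_config(cfg: Dict[str, Any]) -> List[str]:
    """Flag disabled origin TLS verification and a missing catch-all ingress rule."""
    findings: List[str] = []
    ingress = cfg.get("ingress", [])
    for i, rule in enumerate(ingress):
        if rule.get("originRequest", {}).get("noTLSVerify"):
            label = rule.get("hostname", "<catch-all>")
            findings.append(f"ingress[{i}] {label}: noTLSVerify disables origin certificate checks")
    # cloudflared requires the final ingress rule to be a catch-all (no hostname/path).
    if not ingress or "hostname" in ingress[-1] or "path" in ingress[-1]:
        findings.append("ingress: last rule is not a catch-all")
    return findings


def review(recommendation_json: str) -> Dict[str, Any]:
    """Return an approve/deny verdict plus the findings a reviewer should see and log."""
    data = json.loads(recommendation_json)
    findings: List[str] = []
    for policy in data.get("access_policies", []):
        findings.extend(lint_access_policy(policy))
    if "tunnel_config" in data:
        findings.extend(lint_tunnel_config(data["tunnel_config"]))
    return {"approved": not findings, "findings": findings}


if __name__ == "__main__":
    verdict = review(SAMPLE_RECOMMENDATION)
    print("approved:", verdict["approved"])
    for line in verdict["findings"]:
        print(" -", line)
```

The verdict and findings are what an observability layer would log per recommendation; blocking on `approved == False` is the minimal guardrail the L5 finding says the listing does not mention.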

L6 · Security & Compliance (cross-cutting) · ✓ mapped

The skill directly influences Zero Trust Access policies and Cloudflare Tunnel setups, making its output highly security-sensitive. However, the listing does not mention any built-in compliance mapping or automated policy enforcement controls.

L7 · Agent Ecosystem · ✓ mapped

As an 'Agent Skill', this component is designed to be imported into larger agentic workflows. Vulnerabilities or malicious instructions within this skill could cascade, compromising the parent agent or other integrated tools.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).