webflow-designer-api
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns detected. The skill primarily serves as a documentation reference for Webflow developers.
- [COMMAND_EXECUTION]: The skill includes a local utility script
scripts/search_references.py. Analysis of the script confirms it is safe; it performs text-based searching using standard libraries (re, pathlib) and does not use dangerous functions likeeval(),exec(), orsubprocess. - [PROMPT_INJECTION]: The skill implements a defensive mechanism against prompt injection. The
scripts/search_references.pyfile contains a regex_INJECTION_REand asanitize_bodyfunction specifically designed to strip out common prompt injection markers (e.g., 'ignore previous', 'system:', 'override') before displaying content to the agent. - [EXTERNAL_DOWNLOADS]: The documentation references standard developer tools such as
npx create-webflow-extensionand@webflow/webflow-cli. These are recognized as legitimate utilities within the Webflow development ecosystem. External URLs point to official Webflow documentation and the well-known placeholder servicepicsum.photos. - [DATA_EXPOSURE]: The skill uses safe placeholders for sensitive data (e.g.,
YOUR_CLIENT_ID,YOUR_SCOPES) and explicitly warns against committing Client Secrets to version control inreferences/register-app.md.
Audit Metadata