webflow-designer-extension
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The script scripts/init-extension.sh automates the installation of the @webflow/webflow-cli package globally using npm install -g. Global package installation can have significant side effects on the host system. The script also runs webflow extension init, which fetches project templates from remote sources.
- COMMAND_EXECUTION (MEDIUM): The skill contains multiple utility scripts (init-extension.sh, validate-extension.py, search_references.py) that perform file system manipulation and execute external binaries. While useful for development, these grant the agent broad operational capabilities over the local environment.
- PROMPT_INJECTION (MEDIUM): The scripts/search_references.py script presents an Indirect Prompt Injection surface. It reads and parses markdown content from the references/ directory to provide information to the agent. If these files are tampered with, they could be used to override the agent's instructions.
  - Ingestion points: scripts/search_references.py reads all .md files within the references/ folder.
  - Boundary markers: Absent. The script extracts the markdown body and passes it to the agent as raw text.
  - Capability inventory: The skill includes scripts that can execute shell commands, install software via npm, and modify the file system.
  - Sanitization: Absent. The script performs basic regex splitting but does not filter or sanitize the documentation content before providing it to the agent.
Recommendations
- AI detected serious security threats