webflow-hello-world
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external data from Webflow sites and collections.\n
- Ingestion points: The code snippets list sites, collections, and items from the Webflow API (
webflow.sites.list,webflow.collections.list,webflow.collections.items.listItems), bringing external content into the agent's context.\n - Boundary markers: Data retrieved from the API is printed directly to the console without delimiters or instructions for the agent to disregard any embedded commands.\n
- Capability inventory: The skill is configured with
Bash,Write, andEdittools, which could be misused if the agent obeys instructions found within the retrieved content.\n - Sanitization: The example scripts do not perform sanitization or validation of the API field data before outputting it.\n- [EXTERNAL_DOWNLOADS]: The skill utilizes the
webflow-apipackage, which is the official SDK hosted on the standard NPM registry.
Audit Metadata