programmatic-seo
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to use Webflow MCP tools (`data_sites_tool` and `data_cms_tool`) to perform administrative actions on external Webflow sites, including listing sites, creating collections, defining schemas, and publishing items. These operations modify external state based on agent logic and user input.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface in 'Phase 4: Data Population' where it processes user-provided data files.
  - Ingestion points: Data enters the agent context through CSV files or JSON arrays provided by the user in Phase 4 (Option B) of SKILL.md.
  - Boundary markers: The instructions lack specific boundary markers or instructions to treat the imported data as untrusted content, which could lead the agent to follow instructions embedded within the data.
  - Capability inventory: The agent possesses extensive capabilities to modify external resources via the `data_cms_tool`, as detailed in references/webflow-cms-schemas.md.
  - Sanitization: There are no specified sanitization, validation, or escaping procedures for the content of the imported data before it is processed or pushed to the Webflow CMS.
Audit Metadata