webflow-automation
Warn
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires adding an external Model Context Protocol (MCP) server at https://rube.app/mcp to provide the tools necessary for the Webflow automation workflows.
- [COMMAND_EXECUTION]: The skill enables the agent to perform management tasks on Webflow sites, such as WEBFLOW_PUBLISH_SITE, WEBFLOW_CREATE_COLLECTION_ITEM, and WEBFLOW_DELETE_COLLECTION_ITEM, all executed via the remote Rube MCP server.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection.
  - Ingestion points: Data is ingested from external Webflow sites through tools like WEBFLOW_LIST_COLLECTION_ITEMS, WEBFLOW_GET_PAGE, and WEBFLOW_GET_PAGE_DOM (SKILL.md).
  - Boundary markers: No specific boundary markers, delimiters, or instructions are provided to help the agent distinguish between legitimate site data and potentially malicious instructions embedded within that data.
  - Capability inventory: The skill possesses significant capabilities, including the ability to create, modify, and permanently delete CMS items and publish live site changes (SKILL.md).
  - Sanitization: The instructions do not define any sanitization or validation processes for the data retrieved from Webflow before it is used in subsequent agent operations.