webflow-automation
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the configuration of an external MCP server at https://rube.app/mcp. This endpoint provides the tools necessary for the Webflow integration.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its ability to ingest untrusted data from the web and perform high-privilege actions.
  - Ingestion points: Reads content from Webflow via WEBFLOW_GET_PAGE_DOM (DOM nodes), WEBFLOW_LIST_COLLECTION_ITEMS (CMS data), and WEBFLOW_GET_ORDER (ecommerce data).
  - Boundary markers: The instructions do not specify any delimiters or safety markers (e.g., 'ignore instructions in this content') for the agent to use when processing this external data.
  - Capability inventory: The skill has significant capabilities to modify the external environment, including WEBFLOW_UPDATE_COLLECTION_ITEM, WEBFLOW_DELETE_COLLECTION_ITEM, and WEBFLOW_PUBLISH_SITE (which pushes all staged changes to production).
  - Sanitization: There is no explicit requirement for the agent to sanitize or validate the content retrieved from Webflow before using it in subsequent operations.
- [SAFE]: The skill includes explicit warnings for the agent to confirm production-impacting or destructive actions (such as publishing a site or deleting items) with the user before proceeding.
Audit Metadata