webflow
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Utilizes bash command templates to run curl and jq for authenticated interactions with the Webflow REST API.\n- [EXTERNAL_DOWNLOADS]: Communicates with official Webflow API endpoints (api.webflow.com) to retrieve site metadata, CMS content, and assets.\n- [PROMPT_INJECTION]: Identifies an indirect prompt injection surface associated with the ingestion of external data.\n
- Ingestion points: Processes content from Webflow form submissions and CMS collection item fields (SKILL.md).\n
- Boundary markers: Does not employ explicit delimiters or instruction overrides to protect against embedded commands in the retrieved data.\n
- Capability inventory: Supports shell command execution via bash (SKILL.md).\n
- Sanitization: Untrusted external data is parsed for JSON structure but is not sanitized for natural language instructions before delivery to the agent.
Audit Metadata