bulk-cms-update

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and interprets user-generated CMS content via Webflow MCP calls (e.g., data_cms_tool actions like list_collection_items and get_collection_details) — including post-body rich text and image URLs from collections — which are untrusted third-party content the agent reads as part of its workflow.