webflow-debug-bundle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's scripts explicitly fetch and ingest third‑party Webflow data (e.g., the bash script curling https://api.webflow.com/v2/sites and the TypeScript diagnostics that list sites and collections and fetch https://status.webflow.com/api/v2/status.json), which can include untrusted/user-generated site and CMS content that is parsed and used to drive diagnostic outputs and decisions.