v0.2.0 · live
CAPFRAME
← leaderboard/Webzum MCP/tool · create_lead_gen_site
§ toolhttpWebzum MCP

create_lead_gen_site

on https://webzum.com/api/mcp

Severity

critical0
high1
medium1
low0
info0

2 findings on this tool

  1. highexcessive agencyf-r3-create_lead_gen_site

    Tool `create_lead_gen_site` name implies a side effect that is not declared

    `create_lead_gen_site` looks like a side-effecting tool (its name contains a mutation verb), but its `side_effects` declaration is []. A policy synthesizer cannot produce safe rules for this tool because it cannot tell what it actually does.

    fix: Declare the tool's true side effects explicitly. If the tool is genuinely read-only, rename it to match (e.g. `email.preview` rather than `email.send`).

    OWASP LLM08NIST MEASURE-2.6ATLAS T0051
  2. mediumindirect injectionf-r6-create_lead_gen_site

    Tool `create_lead_gen_site` fetches external web content -- indirect-injection surface

    Description: "Create a third-party LEAD-GENERATION page about a business (NOT a site for that business itself). Use this when the goal is to drive qualified search traffic to someone else's business — affiliate pages, review/guide pages, niche directories. The page is branded as an outside guide (e.g. "Best Roofers in San Diego"), refers to the business in the third person, and routes CTAs to the business's existing website. Differences from create_site: - Slug + page brand are SEO-vanity (e.g. "best-roofers-sandiego"), not the candidate's brand name. - Voice is third-party guide/reviewer — never first person. - Primary CTA is "visit their website"; phone/email demoted. - No specific pricing quoted; differentiators emphasized. - Locality is judged by category, not just address (IT/SaaS/agency stays category-wide even when a city is on file). Pass a business candidate object from search_businesses — that business is the one being PROMOTED. Requires authentication via API key (Bearer token). Generate an API key at webzum.com/dashboard/account-settings. The page generation happens in the background. Use get_site_status to check progress. Returns the businessId (a vanity slug) which can be used to access the page at /build/{businessId}." -- this tool pulls externally-controlled content into the agent's context window, the canonical indirect-injection vector. Even when the user supplies the URL, content at that URL can carry hostile instructions.

    fix: Sandbox the fetched content: strip prompts before forwarding to the model, constrain to an allow-list of domains, and route through capframe-guard with a `domain in [...]` caveat.

    OWASP LLM01NIST MEASURE-2.3ATLAS T0051

About this tool

create_lead_gen_site is one of 16 tools exposed by Webzum MCP. The server scored 58/100 overall against the capframe rule engine (source: http). Last scanned 2026-06-05.

The findings above are emitted by the public capframe.findings.v1 schema. Disagree with one? Open an issue.