list_user_sites
on https://webzum.com/api/mcp
Severity
1 finding on this tool
- high | secret exposure | f-r10-list_user_sites
Tool `list_user_sites` exposes secrets or credentials to the agent
`list_user_sites` appears to read or return secrets, API keys, credentials, or environment variables (tool description: "List all websites created by the authenticated user. Returns an array of businessIds with names and URLs. Requires authentication via API key (Bearer token). Generate an API key at webzum.com/dashboard/account-settings."). Values surfaced in the model context are visible to any prompt with injection access; a compromised agent can relay them to an attacker-controlled server.
fix: Do not expose secrets to the agent: inject them server-side at call time rather than passing them through the model context. If a tool must return a credential, scope it with a capframe-bind time-limited caveat and log every issuance.
OWASP LLM06 | NIST MANAGE-2.2 | ATLAS T0040
About this tool
list_user_sites is one of 16 tools exposed by Webzum MCP. The server scored 30/100 overall against the capframe rule engine (source: http). Last scanned 2026-06-26.
The findings above are emitted by the public capframe.findings.v1 schema. Disagree with one? Open an issue.