wix
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
bash -cto execute shell commands that interact with the Wix API. This is the primary mechanism for the skill's functionality. - [EXTERNAL_DOWNLOADS]: The skill connects to
https://www.wixapis.com, which is the official REST API for Wix, a well-known and trusted service. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes data (contacts, blog posts, orders) fetched from an external API.
- Ingestion points: Wix API response data processed in multiple sections of
SKILL.md. - Boundary markers: No specific boundary markers or instructions are provided to the agent to ignore embedded instructions in the retrieved data.
- Capability inventory: The skill possesses network access capabilities via
curl, local file write capabilities to/tmp/request.json, and general command execution viabashandjq. - Sanitization: The skill uses
jqto parse specific fields from JSON responses, which provides structure but does not sanitize the text content for potential malicious instructions.
Audit Metadata