wix-cli-backend-event
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides documentation for creating Wix event extensions using official vendor resources. All package imports (`@wix/astro`, `@wix/crm`, `@wix/essentials`, `@wix/data`, etc.) and documentation links (dev.wix.com) are owned by the trusted vendor 'wix'.
- [COMMAND_EXECUTION]: The skill mentions CLI commands like `wix-cli-app-validation`, which are standard tools for the Wix development environment and represent the intended primary purpose of the skill.
- [PROMPT_INJECTION]: The skill defines patterns for handling external data (Wix site events). This constitutes an indirect prompt injection surface as it ingests untrusted data from the web.
  - Ingestion points: Event handler functions (e.g., `onContactCreated`) in `src/backend/events/*.ts` files.
  - Boundary markers: Not present in the provided templates; handlers receive raw event payloads.
  - Capability inventory: Handlers use Wix SDK APIs (e.g., `@wix/data` for DB queries) and standard `console.log`. No arbitrary command execution or file system write operations are present in the snippets.
  - Sanitization: No explicit sanitization or validation of the event payload is shown in the examples, which is common for boilerplate code but noted as a risk factor.
Audit Metadata