The Agent Skills Directory

[DATA_EXFILTRATION]: The skill provides instructions and code patterns that store sensitive configuration data and user information in the public DOM using HTML data attributes.
Evidence: The 'Template Variable Syntax' section and 'Complete Example' demonstrate storing {{apiKey}}, {{userEmail}}, and {{userName}} in data-* attributes.
Risk: Sensitive credentials and PII placed in the DOM are accessible to any third-party scripts running on the site.
[REMOTE_CODE_EXECUTION]: The skill facilitates the creation and injection of HTML and JavaScript code fragments into the DOM of Wix sites.
Evidence: Core functionality of injecting embedded.html content into HEAD, BODY_START, or BODY_END via extensions.embeddedScript.
Note: This is primary functionality but represents a high-privilege operation.
[PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by interpolating untrusted dashboard data into scripts without demonstrated sanitization.
Ingestion points: Dashboard parameters interpolated into embedded.html templates.
Boundary markers: Uses {{ }} syntax for variable interpolation.
Capability inventory: Injection of scripts into any page section (HEAD/BODY).
Sanitization: Best practices mention escaping, but provided examples show direct interpolation without sanitization.
[EXTERNAL_DOWNLOADS]: The skill references NPM packages for the Wix development environment.
Evidence: Use of @wix/app-management and @wix/astro/builders.
Context: These are official vendor resources from the author ('wix') and are documented neutrally.

wix-cli-embedded-script