wix-cli-orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses aggressive, imperative language to override the agent's default behavior and safety priorities.
- Evidence: The `description` field in the frontmatter includes phrases like 'BLOCKING REQUIREMENT', 'MUST invoke this skill IMMEDIATELY', 'absolute FIRST action', and 'Non-negotiable'.
- Evidence: The body contains '⚠️ MANDATORY WORKFLOW CHECKLIST ⚠️' and '🛑 STOP: If any box is unchecked, do NOT proceed', which are patterns designed to hijack the agent's internal decision-making process.
- [PROMPT_INJECTION]: The skill acts as an orchestrator that ingests untrusted user requirements and interpolates them directly into prompts for sub-agents (indirect prompt injection surface).
- Ingestion points: The user's original requirements are captured in Step 4 of the workflow.
- Boundary markers: The prompt template for implementation sub-agents lacks explicit boundary markers or instructions to ignore embedded commands within the user input (e.g., `[EXACT user request - copy verbatim]`).
- Capability inventory: The skill has the capability to spawn multiple sub-agents and invoke secondary skills like `wix-cli-app-validation`.
- Sanitization: There is no evidence of escaping or validation performed on the user-provided requirements before they are passed to sub-agents.
Audit Metadata