wix-cli-orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Forceful orchestration instructions. The skill's description uses language like 'BLOCKING REQUIREMENT' and 'Non-negotiable' to mandate its invocation as the agent's absolute first action for Wix-related tasks. While common in orchestration skills to ensure correct routing, this pattern specifically aims to override default agent behavior.
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface. The skill template for spawning implementation sub-agents in Step 4 takes the user's original request and passes it verbatim to the next agent in the chain.
- Ingestion points: The `[EXACT user request - copy verbatim]` placeholder in the sub-agent prompt template within `SKILL.md`.
- Boundary markers: Absent. There are no delimiters (e.g., XML tags or triple quotes) or specific 'ignore embedded instructions' warnings surrounding the user-provided content.
- Capability inventory: Sub-agents triggered by this orchestrator are capable of file system operations (creating extension files, editing `extensions.ts`), running builds, and performing validation tasks.
- Sanitization: None. The instructions explicitly command the agent to copy the user request verbatim into the sub-agent's context.
Audit Metadata