
wix-cli-site-plugin

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill defines patterns for components that ingest and render data from external or user-controlled sources, creating a potential indirect prompt injection surface.
      • Ingestion points: Data enters the agent context through this.getAttribute() in .tsx files, widget.getProp() in .panel.tsx files, and items.query() results in EXAMPLES.md.
      • Boundary markers: None present; the templates do not suggest the use of delimiters to isolate untrusted data or provide warnings to ignore embedded instructions.
      • Capability inventory: The generated code has access to Wix SDK modules and performs direct DOM manipulation via innerHTML.
      • Sanitization: Absent; example code directly interpolates variables like displayName, badgeText, and item.title into HTML strings without escaping or sanitization.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 08:27 AM