wix-cli-site-widget
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines patterns for ingesting external, untrusted data through widget properties and database queries, which constitutes a surface for indirect prompt injection.
- Ingestion points: Data enters the agent context through
WidgetProps(e.g.,title,font,collectionId) inwidget.tsxand through external database items fetched via@wix/data. - Boundary markers: Templates lack explicit delimiters or instructions to ignore embedded commands within the ingested property values.
- Capability inventory: The generated widgets have the capability to perform file-system-like operations (via registration in
extensions.ts) and network-mediated data access (via@wix/data). - Sanitization: There is no evidence of input sanitization or validation for the properties before they are rendered or used in logic (e.g.,
JSON.parse(font)is used directly).
Audit Metadata