wix-manage
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of instructional Markdown files (recipes) providing JSON schemas and
curlexamples for Wix's official REST APIs. No executable scripts, binary files, or automated installers are included. - [DATA_EXPOSURE]: No hardcoded credentials, API keys, or secrets were found. The recipes correctly use placeholders like
<AUTH>,<SITE_ID>, and<RESOURCE_ID>for sensitive information, adhering to security best practices. - [EXTERNAL_DOWNLOADS]: All network references and API endpoints target official Wix domains (wixapis.com, wix.com, wixstatic.com). As these originate from the verified vendor 'wix', they are considered safe infrastructure for the skill's operation.
- [PROMPT_INJECTION]: While deterministic scanners flagged potential concealment in the domain purchase recipe, analysis confirms the instructions are benign UX guidance. Commands such as 'Do NOT tell the user to go to the Wix dashboard' are intended to streamline the user experience by providing direct purchase links rather than hiding malicious actions from the user.
- [COMMAND_EXECUTION]: The skill provides examples of
curlcommands for documentation purposes. It does not contain instructions for the agent to execute arbitrary or dangerous shell commands on the host system.
Audit Metadata