wix-design-system
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled helper script scripts/wds.cjs to search and retrieve component documentation. This is an intended function of the skill that operates on local files.
- [PROMPT_INJECTION]: The skill ingests content from documentation files (testkits, examples, props) stored within the user's node_modules. These files are processed without explicit boundary markers, which is common for documentation-retrieval skills but represents an indirect ingestion surface.
- [SAFE]: The helper script implements regex-based input validation for component names, effectively preventing path traversal attacks when accessing documentation files. All external resources (packages and documentation) originate from the vendor's own infrastructure.
Audit Metadata