wix-headless
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell scripts and standard CLI tools (
npm,npx) to scaffold projects (scaffold.sh), manage environment variables (npx @wix/cli env pull), install dependencies, and perform production builds and releases (release.sh). All commands are standard for modern web development workflows. - [EXTERNAL_DOWNLOADS]: Fetches official Wix SDKs and standard web development packages (e.g.,
tailwindcss,astro) from the public npm registry. All API endpoints for data management and media hosting are on official vendor-owned domains (wixapis.com,wixstatic.com). - [DATA_EXPOSURE]: Accesses project configuration files (
wix.config.json) and local environment variables (.env.local) to manage site identity and authentication tokens. This data is handled according to standard development practices and is not exfiltrated. - [REMOTE_CODE_EXECUTION]: Uses a subagent architecture where workers load instruction files from local paths within the skill folder. Execution is scoped to generating project code and calling official Wix APIs.
Audit Metadata