The Agent Skills Directory

[SAFE]: The skill contains technical documentation and API recipes for managing Wix services. It does not include any executable scripts, obfuscated code, or persistence mechanisms.
[DATA_EXPOSURE]: The skill appropriately uses placeholders like <AUTH> and <REVISION> in its curl examples, ensuring that no sensitive credentials or specific session data are hardcoded.
[EXTERNAL_DOWNLOADS]: The skill interacts with official Wix domains (wix.com, wixapis.com) to perform administrative tasks. While it facilitates importing media from user-provided external URLs (e.g., in the 'Create Product from Image' recipe), this is a core functional requirement of the Wix Media Manager integration.
[PROMPT_INJECTION]: The 'Create Product from Image' recipes (references/stores/create-product-from-image-catalog-v3.md and references/stores/create-product-from-image.md) process external image data which could technically be used for indirect prompt injection. However, the skill explicitly mandates an interactive step ('Step 2: Present Details to User for Confirmation') where the agent must show the user the generated details (name, description, price) and wait for approval before proceeding with the API call. This human-in-the-loop control effectively mitigates the risk of the agent performing unauthorized actions based on external data.

wix-manage