wp-abilities-api
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions were found that attempt to bypass AI safety filters, override system prompts, or extract internal configuration.
- Data Exposure & Exfiltration (SAFE): The skill does not access sensitive local files (e.g., credentials, SSH keys) or perform network requests to untrusted external domains.
- Obfuscation (SAFE): The content is clear and uses standard Markdown/YAML formatting with no hidden characters or encoded payloads.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references standard development tools (WP-CLI, Node, Bash) and a specific library (@wordpress/abilities). There are no commands that download and execute arbitrary scripts from the internet (e.g., curl | bash).
- Privilege Escalation (SAFE): No commands involving 'sudo', 'chmod', or administrative modifications to the host system were identified.
- Persistence Mechanisms (SAFE): The skill does not attempt to modify shell profiles, cron jobs, or system services to maintain unauthorized access.
- Indirect Prompt Injection (LOW): As a coding assistant skill that reads and analyzes repository content, there is a theoretical surface for instructions embedded in analyzed files to influence the agent. However, this is a standard risk for all filesystem-based agents and no specific vulnerabilities were introduced in this skill's logic.
Audit Metadata