wp-wpcli-and-ops
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- Command Execution (SAFE): The skill provides procedures for running WP-CLI commands to manage WordPress sites. It correctly prioritizes safety by recommending dry-runs, site backups, and explicit environment confirmation before performing any write operations.
- Indirect Prompt Injection (SAFE): The skill interacts with external data (e.g., outputs from WP-CLI commands). While this creates a theoretical attack surface, the instructions guide the agent to perform deterministic checks and manual verification of results, which is appropriate for an operational tool.
- Ingestion points: SKILL.md (Step 1 and Verification procedures).
- Boundary markers: Absent, but mitigated by explicit procedural steps.
- Capability inventory: Subprocess execution of WP-CLI commands including DB access and file system management.
- Sanitization: Relies on standard WP-CLI output formats.
- Dynamic Execution (SAFE): The skill uses a local script (wpcli_inspect.mjs) for environment inspection. This is a standard automation practice for agent skills and does not involve executing untrusted remote code.