wordpress-publisher
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE] (SAFE): No malicious instructions, obfuscation, or hardcoded secrets were detected in the provided markdown and environment template files.
- [PROMPT_INJECTION] (LOW): The skill exhibits a surface for Indirect Prompt Injection by processing external content and transmitting it to a remote API. Evidence Chain: 1. Ingestion points: content.html file and stdin (referenced in SKILL.md). 2. Boundary markers: Absent in provided instructions. 3. Capability inventory: Authenticated write access to WordPress REST API via wp-publish.js. 4. Sanitization: Unverifiable as the core script logic was not included in the analysis.
Audit Metadata