wordpress-dev
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Full Analysis
- [Prompt Injection] (SAFE): No instructions found that attempt to bypass safety filters or override agent constraints.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or network exfiltration operations exist in the skill files.
- [External Downloads] (SAFE): Documentation links point to high-reputation sources such as WordPress.org and official plugin developer sites.
- [Unverifiable Dependencies] (SAFE): The scaffold script relies exclusively on Python standard libraries (argparse, os, re, sys, pathlib).
- [Indirect Prompt Injection] (SAFE): The skill possesses a code-generation surface via scaffold.py. [Evidence Chain]: (1) Ingestion: CLI arguments; (2) Boundaries: Absent; (3) Capabilities: Write, Edit, and Bash tools; (4) Sanitization: Present via regex-based slug and class name conversion functions.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata