wordpress-theme-to-emdash

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs the agent to fetch theme files, sample images, and license texts from external sources such as WordPress.org, GitHub, and live demo sites. These operations are essential for the primary purpose of theme conversion and target well-known or user-provided endpoints.
  • [COMMAND_EXECUTION]: The instructions involve executing various shell commands to set up the environment, manage dependencies, and run development servers. Examples include pnpm install, pnpm dev, emdash seed, and shell pipelines like lsof -ti:4321 | xargs kill -9 to manage local processes.
  • [PROMPT_INJECTION]: The skill utilizes a browsing-based workflow to analyze external demo sites, creating an indirect prompt injection surface.
    • Ingestion points: The agent-browser tool is used to navigate and extract data from external demo websites in Phase 1 (1-discovery.md).
    • Boundary markers: The instructions do not define specific delimiters or warnings to ignore embedded instructions for the data ingested from demo sites.
    • Capability inventory: The skill possesses capabilities for shell command execution via pnpm and emdash, local file system operations, and network access.
    • Sanitization: Extracted design tokens and template structures are used to generate Astro components without explicit sanitization or validation of the input source content.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 11:08 PM