wordpress-router
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Node.js script (
detect_wp_project.mjs) to analyze project structure and identifies available tooling. It further recommends executing standard development commands (lint, test, build) found within the project configuration. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it bases its routing and command recommendations on the contents of untrusted files within the analyzed repository.
- Ingestion points: Reads configuration files such as
package.json,composer.json,theme.json, andblock.jsonfrom the repository root. - Boundary markers: No specific boundary markers or 'ignore' instructions are documented for isolating file content from the agent's logic.
- Capability inventory: The skill performs filesystem triage and recommends shell command execution based on discovered scripts.
- Sanitization: No explicit sanitization or validation of extracted script names or project metadata is mentioned before they are used in the decision-making process.
Audit Metadata