wp-project-triage
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a read-only filesystem scanner using standard Node.js built-in modules. It categorizes the repository based on file presence and content markers without utilizing external dependencies or remote code execution.
- [SAFE]: While the script inspects
wp-config.php, it specifically targets non-sensitive boolean constants (such asWP_DEBUGorSAVEQUERIES) using regular expressions. It does not extract or expose database credentials, security salts, or other sensitive secrets. - [SAFE]: The scanning logic includes safety constraints, such as a maximum directory depth and a file count limit, to prevent performance issues or potential denial-of-service scenarios on large filesystems.
Audit Metadata