wordpress-plugin-core

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE] (SAFE): All templates (Simple, OOP, and PSR-4) implement the 'Security Trinity' for WordPress: input sanitization (sanitize_text_field), output escaping (esc_html), and nonce verification for all AJAX and form submissions.
  • [COMMAND_EXECUTION] (SAFE): The scaffold-plugin.sh script is a standard developer utility that automates project setup via local file copies and sed replacements. It optionally runs composer install for standard development tools like PHP_CodeSniffer, which is expected behavior for modern PHP development.
  • [EXTERNAL_DOWNLOADS] (SAFE): Documentation and templates reference the plugin-update-checker library, which is a widely recognized and trusted community standard for providing update functionality in non-repository plugins.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 04:39 PM