wordpress
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- [PROMPT_INJECTION] (SAFE): The instructions define a specific expert persona without any attempts to bypass safety filters, extract system prompts, or override agent constraints. The language is purely instructional for task performance.
- [DATA_EXFILTRATION] (SAFE): No commands for network operations, file system access to sensitive paths, or hardcoded credentials were identified.
- [REMOTE_CODE_EXECUTION] (SAFE): The skill does not include any external package dependencies, remote script downloads, or patterns for executing untrusted code. It focuses on providing PHP code examples following WordPress standards.
- [OBFUSCATION] (SAFE): No encoded strings, zero-width characters, or hidden Unicode tags were detected in the markdown or metadata.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill does not define data ingestion points or automated processing of external content that could lead to indirect injection vulnerabilities. It acts as a static knowledge base for the agent.
- [SECURITY_PRACTICES] (INFO): The skill explicitly mandates defensive programming, including the use of
prepare()for SQL queries,nonceverification for forms, and proper capability checks, which enhances the security of the code generated by the agent.
Audit Metadata