wordpress-publisher

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill is designed to ingest user-provided Markdown or HTML content and transform it into WordPress Gutenberg blocks for publication, creating a surface for indirect prompt injection.
  • Ingestion points: Content processed by convert_to_gutenberg, markdown_to_gutenberg, and create_post functions (referenced in CHANGELOG.md and tests/test_wp_publisher.py).
  • Boundary markers: Absent; the skill's primary instruction file (SKILL.md) was not provided for analysis to verify the presence of delimiters or safety warnings.
  • Capability inventory: The skill possesses network-write capabilities via the WordPress REST API (POST/PUT/DELETE) as seen in tests/test_wp_publisher.py.
  • Sanitization: Not verifiable as the logic files (scripts/wp_publisher.py and scripts/content_to_gutenberg.py) were missing from the submission.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 01:51 AM