elementor-controls
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious instructions or security risks identified.
- Prompt Injection: No attempts to override agent behavior or bypass safety filters were found in the instructional text or code comments.
- Data Exposure & Exfiltration: No hardcoded credentials, sensitive file paths, or unauthorized network operations. The use of
plugins_urlandwp_enqueue_scriptare standard WordPress practices for local assets. - Remote Code Execution: No use of
eval,exec, or remote script downloads (e.g., curl/wget piped to shell). Registration of custom controls viarequire_onceuses local paths as per standard PHP development. - Obfuscation: All code and markdown content is in plain text with no encoded strings (Base64), hidden characters, or homoglyphs.
- Indirect Prompt Injection: While the controls handle user input (like text and URLs), the skill itself only provides templates and does not implement unsafe ingestion or processing logic that would expose the agent to injection.
Audit Metadata