wp-blocks
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Full Analysis
- [SAFE] (SAFE): No malicious patterns, prompt injections, or exfiltration vectors were detected across the three resource files.
- [EXTERNAL_DOWNLOADS] (LOW): The documentation references standard, trusted WordPress resources including the official theme.json schema (schemas.wp.org) and core WordPress NPM packages. These references are appropriate for the skill's stated purpose.
- [INDIRECT_PROMPT_INJECTION] (LOW): As a code reference skill, it provides snippets for agent use. The provided snippets include security best practices, such as using
esc_html()for server-side rendering andRichTextfor client-side editing, which mitigates the risk of the agent generating vulnerable code. - [FALSE_POSITIVE_ALERT] (INFO): The 'hero.ph' malicious URL alert identified by external scanners was investigated. The literal string 'hero.ph' does not appear in any file. The alert is a false positive likely caused by a regex collision between the word 'hero' (used for hero sections) and the '.php' file extension documentation (e.g., 'hero.php').
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata