wp-security-scan
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill analyzes untrusted WordPress plugin source code, which serves as a potential ingestion point for indirect prompt injection attacks. Malicious instructions could be embedded within the files being audited to influence the agent's findings.
  - Ingestion points: The skill recursively scans PHP, JS, JSX, and TS files from the current directory and its subdirectories as defined in Step 2.
  - Boundary markers: No explicit delimiters or instructions are provided to separate the auditor's logic from the code data being ingested.
  - Capability inventory: The skill is restricted to static code analysis and reporting; it does not possess capabilities for network operations or arbitrary code execution.
  - Sanitization: The skill lacks mechanisms to sanitize or filter natural language instructions that might be contained within the source code being analyzed.
Audit Metadata