Skills
skills/the-lemonboy/skills/wp-block-development/Gen Agent Trust Hub

wp-block-development

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local script scripts/list_blocks.mjs to scan for WordPress block definitions and instructs the agent to run standard development commands such as npm run build, wp-cli, and wp-env.
  • [EXTERNAL_DOWNLOADS]: The skill references and utilizes well-known WordPress development packages including @wordpress/scripts, @wordpress/create-block, and @wordpress/env from official registries.
  • [PROMPT_INJECTION]: The skill processes untrusted project data by reading block.json files from the target repository, creating an indirect prompt injection surface.
  • Ingestion points: block.json files are scanned and read by the scripts/list_blocks.mjs script.
  • Boundary markers: Data is output as structured JSON to stdout, but there are no explicit delimiters or instructions to ignore embedded content during processing.
  • Capability inventory: The agent is authorized to write files, run npm scripts, and execute shell commands (wp-cli).
  • Sanitization: The script uses standard JSON parsing but does not perform content validation or sanitization on strings extracted from the configuration files.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 07:49 AM