wp-rest-api
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local shell commands and Node.js for project triage and code searching. Specifically, it calls node skills/wp-project-triage/scripts/detect_wp_project.mjs to identify WordPress environments. This is a standard procedure for a developer-focused agent skill.
- [PROMPT_INJECTION]: No evidence of direct prompt injection or attempts to override AI safety filters was found. The instructions are strictly limited to WordPress development procedures.
- [EXTERNAL_DOWNLOADS]: There are no remote code downloads, external scripts, or network requests initiated by the provided skill files.
- [CREDENTIALS_UNSAFE]: No hardcoded secrets, API keys, or credentials were found in the skill or its references.
- [DATA_EXFILTRATION]: The skill does not perform any network operations that could lead to data exfiltration. It operates entirely on the local repository root.
- [INDIRECT_PROMPT_INJECTION]: The skill has a low risk of indirect prompt injection as it processes untrusted local codebases.
  - Ingestion points: Reads files and project structure in the repository root.
  - Boundary markers: None explicitly defined for the triage or search steps.
  - Capability inventory: Uses bash, node, and potentially WP-CLI via subprocess calls.
  - Sanitization: Relies on the agent's internal filtering when processing search results from grep or similar tools.
Audit Metadata