wp-plugin-version
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection as it processes untrusted content from the repository being analyzed.\n
- Ingestion points: Workflow reads plugin headers, PHP constants, and README files within the local repository.\n
- Boundary markers: Absent; there are no instructions to the agent to ignore instructions embedded in the analyzed data.\n
- Capability inventory: The skill has the capability to write to local files to update version strings (SKILL.md step 5).\n
- Sanitization: No explicit sanitization or validation of the ingested strings is defined beyond looking for version-like patterns.\n- [NO_CODE] (SAFE): No executable script files, binaries, or external dependencies are included with this skill. It consists purely of natural language instructions and a markdown template.
Audit Metadata