wordpress-vip
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a legitimate technical guide and set of templates for WordPress development on the VIP platform. It does not contain any malicious code, backdoors, or instructions intended to subvert agent behavior.
- [EXTERNAL_DOWNLOADS]: The skill references the installation of '@automattic/vip' via NPM and 'automattic/vipwpcs' via Composer. These are recognized, official tools from Automattic, a trusted organization, and represent standard development environment setup.
- [COMMAND_EXECUTION]: The documentation includes examples of using 'vip-cli', 'git', 'composer', and 'npm' for environment management, dependency resolution, and code deployment. These commands are typical for the stated development purpose and utilize official tools.
- [PROMPT_INJECTION]: No prompt injection or instructions to bypass safety guidelines were detected. The skill uses a professional developer persona to define its task scope without overriding system safety filters.
- [DATA_EXFILTRATION]: No evidence of data exposure or exfiltration was found. The skill emphasizes security best practices, such as input validation, output escaping, and the use of 'vip_safe_wp_remote_get' for secure, cached network requests.
Audit Metadata