wp-performance-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill processes untrusted source code files from the filesystem, creating an attack surface for indirect prompt injection where malicious instructions could be hidden in comments or strings.
  - Ingestion points: PHP and JavaScript source files read by the agent during audit procedures.
  - Boundary markers: Absent; there are no specific instructions or delimiters provided to separate target code content from the agent's core instructions.
  - Capability inventory: Filesystem read access, shell command execution (grep), and WordPress profiling capability (wp-cli).
  - Sanitization: Absent; the skill does not include any explicit steps to sanitize or escape the content of the files it analyzes.
Audit Metadata