wp-phpstan
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill references established WordPress community PHP stub packages (e.g.,
szepeviktor/phpstan-wordpress) and uses standard binaries (composer,phpstan). No suspicious remote downloads or untrusted code execution was detected. - [Indirect Prompt Injection] (SAFE): The skill defines a surface for processing external project code and configurations (PHP, neon files). This is necessary for static analysis and is handled within the context of developer-guided tasks without evidence of unsafe interpolation or exploitation.
- [Prompt Injection] (SAFE): No instructions attempting to override agent safety guidelines, bypass content filters, or extract system prompts were detected.
Audit Metadata