wp-plugin-directory-guidelines
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted third-party WordPress plugin source code, which constitutes an indirect prompt injection attack surface.
  - Ingestion points: The skill accepts 'Plugin source code' and 'plugin readme' as primary inputs (SKILL.md).
  - Boundary markers: No explicit delimiters or 'ignore instructions' warnings are defined for the user-provided code in the instructions.
  - Capability inventory: The skill performs static text analysis and guideline verification; it does not contain scripts that perform subprocess execution, network requests (beyond documentation links), or file system writes.
  - Sanitization: No sanitization of user-provided code is mentioned in the review procedure.
- [EXTERNAL_DOWNLOADS]: The skill references several external resources for documentation and license verification.
  - Fetches license details and compatibility information from GNU.org and the official WordPress.org documentation.
  - References technical naming checks from the official WordPress Plugin Check repository on GitHub.
  - All referenced domains (gnu.org, wordpress.org, github.com/WordPress) belong to well-known, trusted organizations directly related to the skill's primary purpose.