wp-project-triage
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes a local Node.js script (detect_wp_project.mjs) to analyze the project structure. This is consistent with its intended purpose and does not involve downloading or executing remote code. \n- [PROMPT_INJECTION] (LOW): The skill possesses an indirect prompt injection surface by ingesting and reporting on untrusted repository data. \n
- Ingestion points: Repository files including theme.json, block.json, and build configurations. \n
- Boundary markers: None specified in the documentation to distinguish between report metadata and potentially malicious content within project files. \n
- Capability inventory: Filesystem access, bash execution, Node.js, and WP-CLI. \n
- Sanitization: Documentation does not outline any sanitization or validation of the contents of the scanned files.
Audit Metadata