wp-rest-api
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill operates on project source code (PHP, JS), which represents a potential ingestion point for untrusted data if a repository contains malicious comments. However, the skill follows standard development workflows and does not expose high-risk automated execution paths for untrusted content.
- Ingestion points: Reads PHP and JavaScript files within the target WordPress project.
- Boundary markers: No explicit markers; standard file reading behavior.
- Capability inventory: File system access (read/write), Node.js execution for project triage.
- Sanitization: Not applicable as the skill is primarily instructional for a developer agent.
- [Command Execution] (SAFE): The skill invokes a local script (
node skills/wp-project-triage/scripts/detect_wp_project.mjs) to identify the project structure. This is a routine operation for environment discovery and does not involve remote downloads or obfuscated commands.
Audit Metadata