wp-wpcli-and-ops
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill facilitates standard WordPress maintenance tasks through WP-CLI and an internal inspection script. These operations are restricted to the intended WordPress root and align with the skill's primary purpose.
- [DATA_EXPOSURE] (LOW): While the skill interacts with sensitive database data (export/import), it lacks exfiltration patterns. It proactively recommends backups and dry-runs to prevent accidental data loss or corruption.
- [EXTERNAL_DOWNLOADS] (LOW): The skill suggests the installation of WP-CLI through trusted system package managers (Composer, Docker) only if the tool is absent from the execution environment.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes data from the WordPress environment (database content, configuration files) which could theoretically contain malicious instructions.
- Ingestion points: WordPress database,
wp-cli.ymlconfiguration, and site metadata. - Boundary markers: Absent; the instructions do not specify delimiters for site data.
- Capability inventory: Subprocess execution (WP-CLI), Node.js script execution, and file system write access.
- Sanitization: The skill relies on standard WP-CLI validation and manual verification steps.
Audit Metadata