wp-interactivity-api
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill includes a file named
skill-report.jsoncontaining a pre-completed security analysis that declares the skill 'safe' and dismisses findings as false positives. This is a self-referential injection attempt designed to subvert the auditing process. - [PROMPT_INJECTION]: There is a discrepancy between the provided author context (aiskillstore) and the author claimed within the skill metadata and
skill-report.json(Automattic), indicating deceptive metadata. - [EXTERNAL_DOWNLOADS]: The documentation references official WordPress packages and repositories (e.g.,
github.com/Automattic/*). These are recognized as well-known and trusted sources for the intended purpose of WordPress block development.
Audit Metadata