studio-cli
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill documentation describes standard functionality for the official Studio CLI tool from Automattic and does not contain malicious code or hidden patterns.
- [PROMPT_INJECTION]: The skill proactively identifies and mitigates indirect prompt injection risks. Ingestion points: Local WordPress site content and WordPress.com preview sites (SKILL.md). Boundary markers: Explicit instructions to treat site content as untrusted input and avoid executing instructions found within (SKILL.md). Capability inventory: Site creation, remote preview management, and PHP evaluation via 'studio wp eval' (SKILL.md). Sanitization: Mandatory review instructions for blueprint JSON files to prevent arbitrary code execution (SKILL.md).
- [COMMAND_EXECUTION]: The skill uses the 'studio' CLI to perform legitimate WordPress development tasks such as site creation, configuration, and previewing. It provides appropriate warnings regarding credential visibility and the risks associated with unverified configuration files.
Audit Metadata