wjs-converting-wp-to-hugo
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill handles sensitive WordPress migration files (WXR exports and media uploads). It implements a "safe by default" approach by including a
.gitignorethat root-anchors the/uploads/and*.xmlpatterns, preventing users from accidentally committing sensitive data or database dumps to Git. All data processing is performed locally by scripts using standard libraries. - [EXTERNAL_DOWNLOADS]: The GitHub Actions workflow (
assets/workflow-hugo.yml) downloads the Hugo Extended binary from the official gohugoio/hugo repository. This is an established and trusted source for build tooling. - [PROMPT_INJECTION]: The skill demonstrates defensive design by parsing the WordPress XML structure to identify and exclude password-protected posts (
<wp:post_password>). This prevents sensitive or private content from being exposed during the transition to a static site.
Audit Metadata