wp-astrojs
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests data from external WordPress sources and provides the agent with tools to create, update, and delete content, which could be abused if malicious instructions are embedded in the fetched data.\n- [PROMPT_INJECTION]: Mandatory Evidence Chain for Indirect Injection:\n
- Ingestion points: WordPress content is fetched via
wordPressPostLoaderandwordPressPostStaticLoaderas defined inSKILL.md.\n - Boundary markers: There are no explicit instructions or delimiters to isolate untrusted WordPress content from the agent's logic.\n
- Capability inventory: The skill exposes administrative server actions including
createCreatePostAction,createUpdatePostAction, andcreateDeletePostAction(SKILL.md).\n - Sanitization: The integration uses Zod schemas for structural validation of data, but this does not mitigate natural language instruction injection within content fields.\n- [SAFE]: The skill uses
wp-astrojs-integration, which is a vendor resource authored by JUVOJustin.\n- [SAFE]: Configuration of the WordPress endpoint relies on environment variables (import.meta.env.PUBLIC_WORDPRESS_BASE_URL), following security best practices.
Audit Metadata