Skills
skills/midudev/autoskills/wordpress-router/Gen Agent Trust Hub

wordpress-router

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill runs a local Node.js script (skills/wp-project-triage/scripts/detect_wp_project.mjs) to identify project types and available tooling. This execution is consistent with the skill's primary purpose and is scoped to a local script.
  • [PROMPT_INJECTION]: The skill analyzes content from the project's filesystem (e.g., metadata files like block.json or package.json) to determine the project kind. While processing untrusted data is a potential vector for indirect prompt injection, the utility focuses on structural classification rather than executing logic embedded within those data files, presenting minimal risk.
  • Ingestion points: Filesystem metadata in the repository root.
  • Boundary markers: Absent in instructions.
  • Capability inventory: Execution of a local Node.js script.
  • Sanitization: Logic-based classification via the triage script.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 08:10 PM
Security Audit — agent-trust-hub — wordpress-router