wp-project-triage

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs local filesystem analysis of WordPress repositories. It identifies structure and tooling by scanning directory trees and file metadata.
  • [DATA_EXPOSURE]: The script reads wp-config.php to identify specific configuration constants such as WP_DEBUG and SAVEQUERIES. It specifically checks for the boolean state of these flags and does not extract sensitive database credentials, encryption salts, or other private information from the file.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from the repository's source files (e.g., plugin headers, theme JSON, and version files) to generate a structured report. While this presents an attack surface where a malicious repository could provide deceptive metadata to influence the agent's workflow, the risk is mitigated by the script's deterministic logic and the use of structured JSON output.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 20, 2026, 08:10 PM