woo-admin
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected.
- [PROMPT_INJECTION]: The skill contains only instructional content related to WooCommerce development. No attempts to override system prompts, bypass safety guidelines, or extract system instructions were found.
- [DATA_EXFILTRATION]: No hardcoded credentials, sensitive file path access, or unauthorized network communication patterns were identified. The network-related tools (WebSearch, WebFetch) are directed toward official documentation.
- [REMOTE_CODE_EXECUTION]: No patterns for downloading and executing remote scripts (e.g., piping curl to bash) were found. The code snippets provided are static templates for WordPress development.
- [EXTERNAL_DOWNLOADS]: The skill mentions official Node.js packages (@woocommerce/data, @woocommerce/components) and refers to trusted documentation sites (developer.woocommerce.com, developer.wordpress.org), which is standard for the described development task.
- [COMMAND_EXECUTION]: While the skill permits the 'Bash' tool, the content does not contain any suspicious or dangerous command-line executions.
- [CREDENTIALS_UNSAFE]: No API keys, tokens, or other sensitive credentials are hardcoded in the skill.
- [INDIRECT_PROMPT_INJECTION]: The skill provides guidance on handling external data (WordPress POST requests) and correctly emphasizes the need for sanitization and nonce verification to prevent vulnerabilities in the developed code.
Audit Metadata