woo-admin

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues detected.
  • [PROMPT_INJECTION]: The skill contains only instructional content related to WooCommerce development. No attempts to override system prompts, bypass safety guidelines, or extract system instructions were found.
  • [DATA_EXFILTRATION]: No hardcoded credentials, sensitive file path access, or unauthorized network communication patterns were identified. The network-related tools (WebSearch, WebFetch) are directed toward official documentation.
  • [REMOTE_CODE_EXECUTION]: No patterns for downloading and executing remote scripts (e.g., piping curl to bash) were found. The code snippets provided are static templates for WordPress development.
  • [EXTERNAL_DOWNLOADS]: The skill mentions official Node.js packages (@woocommerce/data, @woocommerce/components) and refers to trusted documentation sites (developer.woocommerce.com, developer.wordpress.org), which is standard for the described development task.
  • [COMMAND_EXECUTION]: While the skill permits the 'Bash' tool, the content does not contain any suspicious or dangerous command-line executions.
  • [CREDENTIALS_UNSAFE]: No API keys, tokens, or other sensitive credentials are hardcoded in the skill.
  • [INDIRECT_PROMPT_INJECTION]: The skill provides guidance on handling external data (WordPress POST requests) and correctly emphasizes the need for sanitization and nonce verification to prevent vulnerabilities in the developed code.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:32 AM
Security Audit — agent-trust-hub — woo-admin