woo-deploy

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute WP-CLI commands for WordPress core updates, plugin management, and database operations as part of the deployment workflow.
  • [EXTERNAL_DOWNLOADS]: Fetches documentation and command references from developer.wordpress.org, which is a well-known service for WordPress development resources.
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified.
  • Ingestion points: Uses WebFetch to retrieve content from developer.wordpress.org and WebSearch for deployment best practices.
  • Boundary markers: No specific delimiters or instructions provided to the agent to ignore potentially malicious content within the fetched data.
  • Capability inventory: Possesses powerful tools including Bash, Write, and Edit which could be exploited if malicious instructions are ingested from external sources.
  • Sanitization: No sanitization or validation of the fetched external content is performed before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:32 AM
Security Audit — agent-trust-hub — woo-deploy