woo-deploy
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute WP-CLI commands for WordPress core updates, plugin management, and database operations as part of the deployment workflow.
- [EXTERNAL_DOWNLOADS]: Fetches documentation and command references from developer.wordpress.org, which is a well-known service for WordPress development resources.
- [PROMPT_INJECTION]: Indirect prompt injection surface identified.
- Ingestion points: Uses WebFetch to retrieve content from developer.wordpress.org and WebSearch for deployment best practices.
- Boundary markers: No specific delimiters or instructions provided to the agent to ignore potentially malicious content within the fetched data.
- Capability inventory: Possesses powerful tools including Bash, Write, and Edit which could be exploited if malicious instructions are ingested from external sources.
- Sanitization: No sanitization or validation of the fetched external content is performed before processing.
Audit Metadata