woo-testing

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides standard documentation and patterns for WooCommerce development and testing, focusing on PHPUnit and Playwright integration.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run standard WP-CLI commands like wp scaffold plugin-tests. This is a routine development task and does not pose a security risk in this context.
  • [INDIRECT_PROMPT_INJECTION]: The skill instructs the agent to use WebSearch and WebFetch to gather documentation. This creates a surface for indirect prompt injection from external content. However, the instructions specifically target official and trusted sources (e.g., developer.woocommerce.com), which mitigates the risk. * Ingestion points: External documentation fetched via WebSearch and WebFetch from WooCommerce and WordPress developer portals. * Boundary markers: None provided in the instructions to delimit external content. * Capability inventory: The agent has Bash, Write, and Edit tools available for performing tasks. * Sanitization: No specific sanitization of external content is described in the skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:33 AM
Security Audit — agent-trust-hub — woo-testing