woo-testing
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides standard documentation and patterns for WooCommerce development and testing, focusing on PHPUnit and Playwright integration.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run standard WP-CLI commands like
wp scaffold plugin-tests. This is a routine development task and does not pose a security risk in this context. - [INDIRECT_PROMPT_INJECTION]: The skill instructs the agent to use
WebSearchandWebFetchto gather documentation. This creates a surface for indirect prompt injection from external content. However, the instructions specifically target official and trusted sources (e.g., developer.woocommerce.com), which mitigates the risk. * Ingestion points: External documentation fetched via WebSearch and WebFetch from WooCommerce and WordPress developer portals. * Boundary markers: None provided in the instructions to delimit external content. * Capability inventory: The agent hasBash,Write, andEdittools available for performing tasks. * Sanitization: No specific sanitization of external content is described in the skill instructions.
Audit Metadata