wp-bump
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several shell commands to manage project state and assets, including
git status,npm run build,npm test, andcomposer run test. These commands trigger scripts defined in the project'spackage.jsonandcomposer.jsonfiles, which are external to the skill itself. - [EXTERNAL_DOWNLOADS]: The procedure allows for the installation of missing dependencies via
npmorcomposerwhen lockfiles are detected. This involves fetching packages from public registries. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from the repository being edited (e.g., version headers in PHP files, existing changelogs, and package configurations) and incorporates user-provided release notes into files.
- Ingestion points: Project files like
package.json,composer.json,readme.txt, and PHP headers are read in Step 0 and Step 2 ofSKILL.md. - Boundary markers: None are defined to separate untrusted file content from the agent's instructions.
- Capability inventory: The skill can perform file writes, run shell scripts (
npm/composer), and manage dependencies as described in Steps 2, 4, and 5 ofSKILL.md. - Sanitization: No explicit sanitization or validation of the content read from files is performed before it is used to determine subsequent actions.
Audit Metadata