# Triage WordPress Projects Before Editing WordPress repositories can hide project type, tooling, tests, and version requirements. This skill runs a read-only detector and returns a structured report for safer planning. ## Install ```bash npx skillstore add automattic/wp-project-triage ``` ## Metadata - - Slug: automattic-wp-project-triage - - Version: 1.0.0 - - Author: Automattic - - GitHub username: Automattic - - License: MIT - - Repository: https://github.com/Automattic/agent-skills/tree/trunk/skills/wp-project-triage - - Ref: trunk - - Supported tools: Claude, Codex, Claude Code - - Risk level: low - - Risk factors: scripts, filesystem - - Quality score: 79 - - Quality tier: bronze - - Public page: https://skillstore.pages.dev/skills/automattic-wp-project-triage - - Manifest: https://skillstore.pages.dev/api/skills/automattic-wp-project-triage/manifest ## Capabilities - Detects WordPress project kinds such as plugins, themes, block themes, WP core, and Gutenberg. - Finds local tooling signals from package.json, composer.json, WP-CLI files, and test configuration. - Reports WordPress, Gutenberg, PHP, Node, and dependency version hints when files expose them. - Identifies selected WordPress features such as Interactivity API, Abilities API, InnerBlocks, and wp-env usage. - Suggests likely lint, test, build, and setup commands based on detected project files. - Prints a structured report that can be checked against the included schema. ## Use Cases - Start Work in an Unknown WordPress Repository: Classify the project and identify the safest development commands before editing files. - Standardize Triage for Plugin and Theme Reviews: Collect consistent project metadata before planning fixes, tests, or compatibility checks. - Prepare Automation Guardrails: Use detected tooling and tests to choose workflow steps for CI, local checks, or agent instructions. ## Prompt Templates ### Run Basic Project Triage ``` Use wp-project-triage on this repository. Summarize the project type, tooling, tests, versions, and recommended next commands. ``` ### Plan a Safe First Change ``` Run the WordPress triage detector, then propose a safe edit plan based on the detected project kind and available tests. ``` ### Compare Tooling Signals ``` Use the triage report to explain the Node, PHP, WP-CLI, wp-env, and test tooling present in this repository. ``` ### Create Agent Workflow Guardrails ``` Run wp-project-triage and convert the results into repository-specific guardrails for build, test, verification, and unsupported actions. ``` ## Limitations - It only inspects the local filesystem and does not verify runtime behavior. - It may miss signals outside configured depth and file count limits. - It does not install dependencies or execute project test suites. - It cannot guarantee that suggested commands are safe for every repository. ## Best Practices - Run triage before making repository changes or selecting test commands. - Review the reported commands before executing them in sensitive environments. - Re-run triage after adding build, test, theme, plugin, or WordPress configuration files. ## Anti Patterns - Do not assume a project type from directory names alone. - Do not execute recommended commands without reviewing local project scripts first. - Do not treat the report as a replacement for manual security review. ## Security Audit - - Safe to publish: true - - Audited at: 2026-06-28T11:57:36.396\+00:00 - - Summary: The static analyzer reported network, command execution, credential, and weak crypto patterns, but contextual review found these were false positives. The skill is a read-only WordPress repository detector that uses local filesystem reads and prints a structured report, so the remaining risk is limited to local repository inspection. ## Stats - - Views: 198 - - Downloads: 4 - - Favorites: 0 - - Popularity score: 0