Skip to main content
hc
Submit
skillsSource-backedReview first Safety Privacy

WordPress Agent Skills

WordPress contributor-reviewed Agent Skills for AI coding assistants working on Gutenberg blocks, block themes, plugins, REST APIs, Interactivity API, Abilities API, WP-CLI, Playground, performance, PHPStan, and directory rules.

by WordPress Contributors·added 2026-06-18·
Claude CodeCodexWindsurfGeminiCursorCLI
HarnessClaude CodeCodexWindsurfGeminiCursorCLI
Level:expertType:capability-packVerified:validated
Review first review before installing

Open the source and read safety notes before installing.

Safety notes

  • WordPress plugin, theme, REST API, WP-CLI, database, cron, and performance changes can affect production sites, admin access, public endpoints, stored content, and user data.
  • Security-sensitive work needs capability checks, nonces, sanitization, escaping, prepared SQL, REST permission callbacks, and explicit authorization review.
  • Block changes can create Invalid block errors if saved markup changes without proper deprecations and migrations.
  • Do not run WP-CLI write operations, database migrations, search-replace, cron tasks, plugin activation, or cache flushes on production without explicit approval and backups.
  • The repo discloses AI-assisted generation from official WordPress and Gutenberg documentation followed by WordPress contributor review; still verify against current project constraints.

Privacy notes

  • WordPress work can expose database content, user accounts, emails, cookies, nonces, application passwords, REST payloads, site URLs, plugin settings, telemetry, performance profiles, and logs.
  • Keep wp-config secrets, salts, database credentials, application passwords, admin cookies, production exports, customer data, and private plugin code out of prompts, screenshots, issues, and public PRs.
  • When using Playground, mounted local code may be copied into an in-memory filesystem; check that the mounted project does not contain secrets before sharing snapshots or repro links.

Prerequisites

  • AI coding assistant or skill installer compatible with Agent Skills-style repositories.
  • WordPress plugin, theme, block theme, Gutenberg block, WordPress core checkout, or full-site repository.
  • Target WordPress and PHP version constraints, especially when working below WordPress 6.9 or with older PHP support.
  • Repo-local test/build tooling such as Composer, npm, @wordpress/scripts, wp-env, WP-CLI, PHPUnit, Playwright, PHPCS, or PHPStan where available.

Schema details

Install type
package
Reading time
8 min
Difficulty score
78
Troubleshooting
Yes
Breaking changes
No
Source repository stats
Scope
Source repo
Package metadata
Skill and platform metadata
Skill type
capability-pack
Skill level
expert
Verification
validated
Verified at
2026-06-18
Retrieval sources
https://github.com/WordPress/agent-skillshttps://raw.githubusercontent.com/WordPress/agent-skills/trunk/README.mdhttps://raw.githubusercontent.com/WordPress/agent-skills/trunk/docs/ai-authorship.mdhttps://raw.githubusercontent.com/WordPress/agent-skills/trunk/skills/wordpress-router/SKILL.mdhttps://raw.githubusercontent.com/WordPress/agent-skills/trunk/skills/wp-block-development/SKILL.mdhttps://raw.githubusercontent.com/WordPress/agent-skills/trunk/skills/wp-plugin-development/SKILL.mdhttps://raw.githubusercontent.com/WordPress/agent-skills/trunk/LICENSE
Tested platforms
ClaudeCodexCursorGitHub CopilotGeneric AGENTS
PlatformSupportInstall path
claude-codeNative.claude/skills/<skill-name>/SKILL.md
codexNative.agents/skills/<skill-name>/SKILL.md
windsurfNative.windsurf/skills/<skill-name>/SKILL.md
geminiNative.gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md
cursorAdapter.cursor/rules/<skill-name>.mdc
cliManualAGENTS.md or tool-specific context file
Tool listing metadata
Full copyable content
npx skills add WordPress/agent-skills --list

# Install a starting router skill
npx skills add WordPress/agent-skills --skill wordpress-router

# Install focused skills for a project
npx skills add WordPress/agent-skills --skill wp-plugin-development wp-block-development wp-playground

About this resource

WordPress Agent Skills

WordPress/agent-skills packages contributor-reviewed WordPress guidance for AI coding assistants. It helps agents classify WordPress repositories, choose modern workflows, and avoid outdated patterns when working on Gutenberg blocks, block themes, plugins, REST endpoints, Interactivity API, Abilities API, WP-CLI, WordPress Playground, PHPStan, performance, and plugin directory rules.

The README states that the skills were generated from official Gutenberg and WordPress documentation with GPT-5.2 Codex, then reviewed, edited, and tested by WordPress contributors. Treat that disclosure as important context: this is an AI-assisted, human-reviewed skill pack, not an unreviewed prompt dump.

Knowledge Freshness

The skills target WordPress 6.9+ with PHP 7.2.24+ compatibility guidance. They lean on current Gutenberg and WordPress developer documentation, but WordPress APIs, block editor behavior, REST patterns, plugin directory rules, PHPStan baselines, and Playground tooling can change.

Use the skills for workflows and guardrails, then verify exact APIs and behavior against the target project's WordPress version, PHP version, installed plugins, theme architecture, and existing tooling.

Retrieval Sources

This listing is grounded in:

  • The WordPress/agent-skills repository README.
  • The repository's AI authorship disclosure.
  • Representative skill manifests for routing, block development, plugin development, REST APIs, performance, and Playground.
  • The GPL-2.0-or-later license text.
  • Repository metadata from the official WordPress GitHub organization.

Core Workflow

List available skills:

npx skills add WordPress/agent-skills --list

Install the router skill to classify a WordPress repository and route work:

npx skills add WordPress/agent-skills --skill wordpress-router

Install focused skills for a project:

npx skills add WordPress/agent-skills --skill wp-plugin-development wp-block-development wp-playground

The repository also includes build and install scripts for global or project scope installation across Claude Code, Codex, VS Code/GitHub Copilot, and Cursor targets.

Capability Scope

The repository currently lists these skills:

Skill Scope
wordpress-router Classify WordPress repos and route to the right workflow
wp-project-triage Detect project type, tooling, tests, and versions
wp-block-development Gutenberg blocks, block.json, rendering, attributes, deprecations, and build tooling
wp-block-themes Block themes, theme.json, templates, patterns, and style variations
wp-plugin-development Plugin architecture, hooks, settings API, lifecycle, security, and packaging
wp-rest-api REST routes, schema, authentication, permission callbacks, and response shaping
wp-interactivity-api Frontend interactivity with data-wp-* directives and stores
wp-abilities-api Capability-based permissions and REST API authentication
wp-abilities-audit Audit plugin REST surfaces and propose Abilities API registrations
wp-abilities-verify Verify Abilities API registrations against declared annotations
wp-wpcli-and-ops WP-CLI, automation, multisite, and search-replace
wp-performance Backend profiling, Query Monitor headers, object cache, cron, HTTP API, and database optimization
wp-phpstan PHPStan configuration, baselines, and WordPress-specific typing
wp-playground Disposable WordPress instances, Blueprints, snapshots, versions, and Xdebug
wpds WordPress Design System guidance
wp-plugin-directory-guidelines WordPress Plugin Directory rules
blueprint WordPress Playground Blueprints

Production Rules

Use these skills to make WordPress changes more disciplined, but keep site safety explicit:

  • Run repository triage before broad edits so the agent understands whether it is touching a plugin, theme, block theme, WordPress core checkout, or full site.
  • Prefer existing project tooling and conventions over invented structure.
  • Review every security-sensitive change for nonces, capabilities, sanitization, escaping, SQL preparation, REST permission callbacks, and authorization logic.
  • Add block deprecations when saved markup changes.
  • Test plugin activation, settings saves, REST routes, WP-CLI commands, and build outputs before shipping.
  • Avoid production write operations unless the user has explicitly approved the target site, command, backup plan, and rollback path.

Use Cases

  • Ask Codex to triage a WordPress plugin repo before editing hooks or settings.
  • Have Claude Code add a Gutenberg block with block.json, rendering, and deprecation guidance.
  • Use Cursor to audit REST endpoints for missing permission callbacks or weak schema validation.
  • Ask an agent to profile a slow backend route with WP-CLI and Query Monitor headers.
  • Use WordPress Playground skills to create a disposable repro for a plugin or theme issue.

Source Review

  • The README describes Agent Skills for WordPress as portable bundles for Claude, Copilot, Codex, Cursor, and other AI assistants.
  • The README lists 17 skills covering routing, triage, blocks, themes, plugins, REST, Interactivity API, Abilities API, WP-CLI, performance, PHPStan, Playground, design system, plugin directory guidelines, and blueprints.
  • The AI authorship disclosure states the skills were created from official Gutenberg trunk documentation and WordPress developer docs, generated with GPT-5.2 Codex, reviewed by WordPress contributors, and tested with AI assistants.
  • Representative manifests document concrete workflows such as running triage scripts, listing blocks, using @wordpress/create-block, enforcing REST permission callbacks, and measuring backend performance before optimizing.
  • The license file identifies the repository as GPL-2.0-or-later.

Duplicate Review

Checked current content/skills/, content/tools/, content/mcp/, open pull requests, and repository-wide content for WordPress Agent Skills, WordPress/agent-skills, wordpress-router, wp-block-development, wp-plugin-development, and wp-playground. No dedicated WordPress Agent Skills entry, exact source URL duplicate, target file, or open duplicate PR was found.

Disclosure

Editorial listing. No paid placement or affiliate link is used. The upstream repository discloses AI-assisted generation from official WordPress/Gutenberg documentation followed by WordPress contributor review and testing. The repository is GPL-2.0-or-later.

#wordpress#skills#gutenberg#plugins#blocks#rest-api#wp-cli#ai-agents

Source citations

Add this badge to your README

Show that WordPress Agent Skills is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/skills/wordpress-agent-skills.svg)](https://heyclau.de/entry/skills/wordpress-agent-skills)

How it compares

WordPress Agent Skills side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

FieldWordPress Agent Skills

WordPress contributor-reviewed Agent Skills for AI coding assistants working on Gutenberg blocks, block themes, plugins, REST APIs, Interactivity API, Abilities API, WP-CLI, Playground, performance, PHPStan, and directory rules.

Open dossier 		.NET Agent Skills

Microsoft .NET team skill marketplace for AI coding agents working on .NET, C#, ASP.NET Core, Blazor, MAUI, diagnostics, MSBuild, NuGet, upgrades, tests, AI workflows, RAG pipelines, and C# MCP servers.

Open dossier 		Expo Skills

Official Expo AI agent skills for building, deploying, upgrading, observing, and debugging Expo and React Native apps with Expo Router, EAS, native modules, App Clips, Tailwind, native UI, and EAS Update insights.

Open dossier 		GSAP AI Skills

Official GreenSock GSAP AI Skills for coding agents that need correct GSAP tweens, timelines, ScrollTrigger, React cleanup, plugins, utilities, framework lifecycle guidance, and animation performance patterns.

Open dossier
Trust
Install riskReview firstReview firstReview firstReview first
Notes Safety Privacy Safety Privacy Safety Privacy Safety Privacy
Categoryskillsskillsskillsskills
Sourcesource-backedsource-backedsource-backedsource-backed
AuthorWordPress Contributors.NET Team at MicrosoftExpoGreenSock
Added2026-06-182026-06-182026-06-182026-06-18
Platforms
Claude CodeCodexWindsurfGeminiCursorCLI
Claude CodeCodexWindsurfGeminiCursorCLIVS Code
Claude CodeCodexWindsurfGeminiCursorCLI
Claude CodeCodexWindsurfGeminiCursorCLI
Source repo
Safety notesWordPress plugin, theme, REST API, WP-CLI, database, cron, and performance changes can affect production sites, admin access, public endpoints, stored content, and user data. Security-sensitive work needs capability checks, nonces, sanitization, escaping, prepared SQL, REST permission callbacks, and explicit authorization review. Block changes can create Invalid block errors if saved markup changes without proper deprecations and migrations. Do not run WP-CLI write operations, database migrations, search-replace, cron tasks, plugin activation, or cache flushes on production without explicit approval and backups. The repo discloses AI-assisted generation from official WordPress and Gutenberg documentation followed by WordPress contributor review; still verify against current project constraints..NET build, test, upgrade, package, template, publish, and migration tasks can modify project files, lock files, generated code, packages, app settings, and deployment artifacts. Diagnostics skills may suggest collecting traces, dumps, counters, crash data, MSBuild binlogs, or performance profiles; collect those artifacts only with explicit approval and storage controls. MCP server skills can expose local code, files, APIs, credentials, or production services as callable tools; review tool descriptions, parameter validation, authorization, and transport choice before connecting clients. NuGet and publish workflows can push packages or artifacts to public or private feeds; verify package IDs, versions, API keys, feed targets, and release policy before publishing. Upgrade and modernization guidance should be verified against each application's framework support window, deployment target, package compatibility, and rollback plan.Expo Skills can guide agents through native project changes, EAS builds, store submissions, EAS Update rollouts, and EAS Observe queries; those actions can affect real apps and users. Do not let an agent trigger EAS builds, submissions, rollouts, or production updates without reviewing project, profile, branch, runtime version, and account context. Native modules, config plugins, App Clips, brownfield integration, and prebuild steps can modify iOS and Android project files; inspect diffs before committing. Follow the skill's Expo Go-first guidance before creating custom native builds unless custom native code or platform targets require them.GSAP is primarily a frontend animation library, but generated animations can still break layout, accessibility, input handling, scroll behavior, or client performance. ScrollTrigger, pinned sections, smooth scrolling, and layout-dependent timelines should be tested across viewport sizes and after dynamic content loads. React, Vue, Svelte, and other framework integrations need cleanup on unmount so animations, event listeners, and ScrollTriggers do not leak across renders. Remove development markers, debug helpers, and unnecessary long-running animations before production.
Privacy notesWordPress work can expose database content, user accounts, emails, cookies, nonces, application passwords, REST payloads, site URLs, plugin settings, telemetry, performance profiles, and logs. Keep wp-config secrets, salts, database credentials, application passwords, admin cookies, production exports, customer data, and private plugin code out of prompts, screenshots, issues, and public PRs. When using Playground, mounted local code may be copied into an in-memory filesystem; check that the mounted project does not contain secrets before sharing snapshots or repro links..NET repositories may contain connection strings, appsettings secrets, user secrets, certificates, environment variables, telemetry keys, logs, traces, dumps, package credentials, and production data. MSBuild binlogs, crash dumps, profiler output, and test artifacts can contain source paths, dependency graphs, request data, exception payloads, configuration values, and environment details. MCP servers created with these skills may forward prompts and tool inputs to local processes, HTTP services, databases, cloud APIs, or third-party model providers depending on the implementation. Keep private NuGet credentials, signing keys, deployment secrets, customer data, dumps, and proprietary source out of public prompts, issues, pull requests, and shared artifacts.Expo and EAS work can involve bundle identifiers, project IDs, app metadata, Apple and Google credentials, service account files, release channels, crash metrics, user counts, update payload sizes, screenshots, and build logs. Keep Expo tokens, Apple credentials, Google service account JSON, signing keys, keystore files, secrets, private crash data, and unpublished app metadata out of prompts, public PRs, screenshots, and logs. The Expo plugin can bundle MCP configuration; connected agents may access docs, EAS services, simulator screenshots, build status, workflow state, or update health depending on granted permissions.The skills are local instruction files and do not require app data by themselves. Do not paste proprietary designs, private Figma exports, customer analytics, unreleased campaign copy, or private frontend source into public prompts or issues when asking an agent to animate UI. If the agent uses browser automation, visual captures, or external model providers while applying these skills, screenshots and source snippets may be processed outside the local project.
Prerequisites
  • AI coding assistant or skill installer compatible with Agent Skills-style repositories.
  • WordPress plugin, theme, block theme, Gutenberg block, WordPress core checkout, or full-site repository.
  • Target WordPress and PHP version constraints, especially when working below WordPress 6.9 or with older PHP support.
  • Repo-local test/build tooling such as Composer, npm, @wordpress/scripts, wp-env, WP-CLI, PHPUnit, Playwright, PHPCS, or PHPStan where available.
  • An AI coding assistant or skill host that supports Agent Skills, plugin marketplaces, or direct skill installation.
  • .NET SDK and project-local build/test tooling appropriate for the repository being edited.
  • For MCP server work, the official C# MCP SDK, MCP project templates, and a target transport choice such as stdio or HTTP.
  • For diagnostics, permission to collect traces, dumps, logs, counters, binlogs, or test output from the target environment.
  • Claude Code, Codex, Cursor, or another Agent Skills-compatible AI coding agent.
  • Expo or React Native project when applying project-specific skills.
  • Expo CLI, EAS CLI, simulator/device, or Expo account access when building, deploying, observing, or querying EAS state.
  • Current Expo docs, Expo CLI help, EAS CLI help, or Expo MCP access for exact commands and service behavior.
  • AI coding agent or skill installer compatible with Agent Skills repositories.
  • JavaScript, TypeScript, React, Vue, Svelte, vanilla JS, Webflow, SVG, or frontend animation task.
  • GSAP package available in the target app when generating runnable animation code.
  • Browser or framework test surface for verifying animation timing, cleanup, responsiveness, and reduced-motion behavior.
Install
npx skills add WordPress/agent-skills --skill wordpress-router
codex plugin marketplace add dotnet/skills
npx skills add expo/skills
npx skills add https://github.com/greensock/gsap-skills
Config
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimed

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.