Skills
skills/aslamdoctor/wp-debug-skill/wp-debug/Gen Agent Trust Hub

wp-debug

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses broad filesystem searches ('find / -maxdepth 5') to locate the WordPress configuration file and performs direct file modifications including backup, truncation, and in-place editing.
  • [CREDENTIALS_UNSAFE]: The skill modifies 'wp-config.php', a sensitive file typically containing database credentials (DB_PASSWORD, DB_USER). Unauthorized access or accidental corruption of this file could compromise the application's security.
  • [PROMPT_INJECTION]: The 'Analyzing the Log' functionality introduces an indirect prompt injection surface where malicious data in logs could influence agent behavior. * Ingestion points: 'debug.log' (Analyzing the Log step). * Boundary markers: None mentioned. * Capability inventory: Subprocess calls ('find', 'cp', 'truncate', 'tail') and file-write capabilities. * Sanitization: None mentioned for external log content.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 28, 2026, 09:07 PM