NYC

wp-block-themes

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill targets external WordPress project files for reading and modification.
      • Ingestion points: Processes files in templates/*.html, parts/*.html, patterns/*.php, and theme.json from targeted repositories.
      • Boundary markers: No specific delimiters or instructions are provided to the agent to treat content within these files as untrusted or to ignore embedded instructions.
      • Capability inventory: The skill allows for file modification (theme.json, templates, parts) and command execution via node scripts and WP-CLI.
      • Sanitization: No sanitization or validation logic is defined for the external content before it is processed or used in operations.
  • Unverifiable Dependencies (MEDIUM): The skill executes external scripts not included in the provided file.
      • Evidence: Calls to node skills/wp-project-triage/scripts/detect_wp_project.mjs and node skills/wp-block-themes/scripts/detect_block_themes.mjs. Without the source of these scripts, their safety cannot be verified.
  • Command Execution (LOW): Uses node and WP-CLI to perform theme detection and management tasks. While standard for this workflow, it provides the mechanism for potential exploitation if paired with a successful injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 09:49 AM