wp-performance
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted external data from REST API responses and HTTP headers without explicit sanitization or boundary markers.
  - Ingestion points: Untrusted data enters the agent context via `curl` output, REST API response headers (`x-qm-*`), and `_envelope` responses during performance inspection.
  - Boundary markers: The instructions do not define delimiters or specific 'ignore embedded instruction' warnings for the data being analyzed.
  - Capability inventory: The skill possesses the capability to execute a local Node.js script (`perf_inspect.mjs`) and WP-CLI commands including arbitrary PHP code execution via `wp profile eval`.
  - Sanitization: No sanitization, escaping, or validation of the external content is described before the agent processes it.
- [Dynamic Execution] (LOW): The skill utilizes dynamic code execution as part of its core profiling workflow.
  - Evidence: Step 3 recommends using `wp profile eval` for targeted code path analysis, which executes a provided PHP string.
  - Context: Although this is a high-privilege capability, it is directly related to the skill's primary purpose (WordPress performance profiling), justifying a downgrade in severity from MEDIUM to LOW.
- [Metadata Poisoning] (LOW): The skill contains misleading metadata by referencing a future WordPress version (6.9) and a documentation URL dated November 2025, both of which are currently non-existent. While not containing malicious instructions, this represents deceptive documentation content.
Audit Metadata