wordpress-publisher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill's script (scripts/wp-publish.js) makes REST API requests to the configured WP_URL (e.g., /wp-json/wp/v2/posts and /wp-json/wp/v2/media), parsing and using JSON responses from that WordPress site—which may be a public, user-generated/untrusted source—so the agent ingests and interprets third-party content from an arbitrary site specified in .env.