elementor-content
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Command Execution] (MEDIUM): The skill utilizes WP-CLI commands and shell scripts to interact with the WordPress database and filesystem. It specifically uses 'wp eval' to execute arbitrary PHP code for tasks like updating metadata and deleting files. Evidence: Multiple instances in 'references/wp-cli-operations.md', including a PHP 'unlink' command inside a 'wp eval' block to clear CSS files.
- [Dynamic Execution] (MEDIUM): The skill generates and executes PHP code at runtime to handle file I/O and database interactions. Evidence: Commands like 'wp eval' are used to bypass shell escaping issues by reading file contents directly into PHP variables.
- [Indirect Prompt Injection] (LOW): The skill processes potentially untrusted data from the WordPress database or external JSON files and has access to high-privilege commands. 1. Ingestion points: 'references/wp-cli-operations.md' uses 'wp post meta get' to fetch data into the agent context. 2. Boundary markers: None identified. 3. Capability inventory: Includes 'wp post meta update', 'wp eval', and filesystem modification via 'unlink'. 4. Sanitization: No evidence of sanitization or escaping of the ingested JSON content is performed before processing.
Audit Metadata