elementor-content

[Skill Scanner] Skill instructions include directives to hide actions from user This skill is functionally aligned with its stated purpose (editing Elementor JSON templates and updating WordPress via WP-CLI). It does not contain obvious malware, obfuscation, or supply-chain download-execute patterns. The main risk is operational: it requires high privileges (filesystem and WP-CLI) and can make destructive persistent changes to sites without explicit safeguards (backups/dry runs). Treat it as a powerful administration tool that must be run in a controlled environment and with appropriate access controls and backups in place. LLM verification: Functionality is consistent with an Elementor content editing skill: reading/writing JSON templates and updating `_elementor_data` via WP-CLI. There is no evidence of remote download-execute, credential exfiltration, obfuscated payloads, or explicit malicious code in the provided SKILL.md. However, the skill grants high-impact capabilities (direct database writes and live site changes via WP-CLI) without mandated safety controls (backups, dry-run, explicit confirmations). The static scanner's re