Skills
skills/crazyswami/wordpress-dev-skills/white-label/Gen Agent Trust Hub

white-label

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The script apply-white-label.sh utilizes high-privilege commands including docker exec and wp eval-file --allow-root. These tools allow for the execution of arbitrary PHP logic with administrative access to the WordPress environment.
  • [COMMAND_EXECUTION] (MEDIUM): The script accepts unvalidated positional parameters for the container name and configuration file path. These values are used directly in shell commands, creating a potential command injection surface if the parameters are sourced from untrusted data.
  • [PROMPT_INJECTION] (LOW): This skill contains an indirect prompt injection surface. Ingestion points: Command-line arguments in apply-white-label.sh. Boundary markers: Absent. Capability inventory: File copying via docker cp and administrative code execution via docker exec and wp-cli. Sanitization: None detected.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:50 PM