wordpress-admin
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): The `SKILL.md` file contains hardcoded FTP credentials (username and password) for the production site csrdevelopment.com. It also exposes local administrator credentials (admin/admin123).
- COMMAND_EXECUTION (HIGH): The Python scripts `wp-page.py` and `wp-seo.py` utilize `subprocess.run(shell=True)` with string interpolation. While basic quote escaping is implemented, it does not prevent command injection via shell expansion (e.g., using `$(...)` or backticks) if an attacker provides malicious page titles or content.
- INDIRECT_PROMPT_INJECTION (HIGH): This skill handles untrusted data (titles, meta descriptions, and page content) while possessing high-impact capabilities like database modification and plugin installation.
  - Ingestion points: `wp-page.py` (`--title`, `--content`), `wp-seo.py` (`--meta-desc`).
  - Boundary markers: None detected.
  - Capability inventory: `subprocess.run` (executing `docker`, `wp-cli`), `curl`, `lftp`.
  - Sanitization: Inadequate manual string replacement of quotes only.
- DATA_EXFILTRATION (MEDIUM): The skill documentation reveals the exact paths for sensitive API keys (Pexels, Unsplash) in `/root/`. Additionally, the use of `lftp` with `set ssl:verify-certificate no` in `SKILL.md` facilitates man-in-the-middle attacks, potentially leading to the theft of credentials or data during synchronization.
- PRIVILEGE_ESCALATION (HIGH): The skill configuration and workflows consistently use the `--allow-root` flag with `wp-cli` via `docker exec`, granting the agent root-level access to the WordPress environment unnecessarily.
Recommendations
- AI detected serious security threats
Audit Metadata