Skills
skills/crazyswami/wordpress-dev-skills/wp-docker/Gen Agent Trust Hub

wp-docker

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The templates/.env.example file and templates/wp-setup.sh script use insecure default passwords (e.g., 'wordpress', 'rootpassword', 'password123') for database and admin accounts.
  • [EXTERNAL_DOWNLOADS]: The skill configuration fetches official container images from Docker Hub (mariadb, wordpress) and installs WordPress plugins from the official WordPress.org repository. These are trusted, well-known services.
  • [COMMAND_EXECUTION]: The skill is designed to execute Docker Compose and WP-CLI commands to manage the WordPress environment, including container lifecycle management and database operations.
  • [PROMPT_INJECTION]: The wp-setup.sh script exposes an attack surface for indirect prompt injection where untrusted data could influence command execution.
  • Ingestion points: Positional arguments for site URL, title, and admin credentials in templates/wp-setup.sh.
  • Boundary markers: Absent. While variables are double-quoted, there are no delimiters or instructions to ignore embedded malicious content.
  • Capability inventory: Executes docker-compose run to call WP-CLI for core installation and configuration changes.
  • Sanitization: No validation or escaping is performed on the user-provided arguments before they are passed to the shell script logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 01:39 AM