wp-playground

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill fetches and installs plugins/themes from public WordPress sources (e.g., wordpress.org/plugins and wordpress.org/themes) and accepts arbitrary external blueprints via URL (e.g., https://playground.wordpress.net/?blueprint-url=...), which are untrusted third-party content the agent ingests and executes as part of environment setup (including runPHP and wp-cli steps), enabling indirect prompt/code injection.