seo-wordpress-manager
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from a WordPress site (post titles, content, and existing SEO metadata) which is then passed to the AI agent to generate 'optimized' content. This creates a surface for indirect prompt injection where malicious content in a post could attempt to hijack the agent's instructions during the generation of the changes.json file.
  - Ingestion points: scripts/analyze_seo.py fetches post data via WPGraphQLClient.
  - Boundary markers: No specific delimiters or 'ignore instructions' warnings are wrapped around the ingested content in the report generated for the AI.
  - Capability inventory: The skill includes the ability to write/update metadata back to the WordPress site using the update_post_seo mutation in scripts/wp_graphql_client.py.
  - Sanitization: While the suggested PHP code for the WordPress side uses sanitization, the Python scripts do not sanitize or validate the content fetched from the API before presenting it to the AI agent for analysis.
- Credentials Safety (SAFE): The skill handles WordPress Application Passwords. It correctly advises using environment variables or a local config.json file rather than hardcoding credentials. Authentication is performed via standard Basic Auth over the user-provided GraphQL endpoint, with no evidence of exfiltration to unauthorized third-party domains.