wp-playground
Warn
Audited by Snyk on Mar 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and fetches blueprints from public URLs (see "Run a Blueprint" in SKILL.md and references/blueprints.md and the browser query param ?blueprint-url=<public-url-or-zip>), and those blueprints can contain executable steps like runPHP, writeFile, and installPlugin that the agent will interpret and act on, so untrusted third-party content can materially influence behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill allows fetching and executing remote blueprints at runtime via --blueprint= (e.g., https://playground.wordpress.net/?blueprint-url=), and those blueprints can contain runPHP, writeFile, installPlugin/installTheme steps that fetch and execute remote code (e.g., https://downloads.wordpress.org/plugin/classic-editor.zip), so a remote URL directly controls runtime behavior and code execution.
Audit Metadata