wordpress-content-manager

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • Privilege Escalation (HIGH): The setup script scripts/setup.sh runs sudo apt-get to install system packages, so it executes with root privileges on the host; the packages it installs, and their maintainer scripts, run with the same privileges.
  • Unverifiable Dependencies & Remote Code Execution (HIGH): The setup scripts run npm install and npm run validate in a directory taken from the WP_CLI_PATH environment variable or a configuration file. npm install executes the lifecycle scripts (preinstall, install, postinstall, prepare) declared in that directory's package.json and in its dependencies, and npm run validate executes whatever the "validate" script there contains, so arbitrary code placed in a potentially untrusted directory runs on the host during setup.
  • External Downloads (MEDIUM): The skill setup process automatically downloads and installs the Node.js runtime and third-party dependencies from external sources (the npm registry and the system package manager), so the host's trust at setup time extends to those sources.
  • Indirect Prompt Injection (LOW): The skill reads post content from a WordPress site, so text controlled by whoever can publish on that site reaches the agent and may contain instructions the agent could follow.
  • Ingestion points: WordPress REST API responses (posts/list and posts/get).
  • Boundary markers: None observed in the provided script logic; fetched content is not delimited from the agent's own instructions.
  • Capability inventory: Network access (WordPress REST API), file system access (via wp-content.mjs), and command execution (via npm).
  • Sanitization: No sanitization or validation of the remote API content is performed before it is processed.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:30 PM