Skills
skills/jezweb/claude-skills/wordpress-content/Gen Agent Trust Hub

wordpress-content

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill processes external data from CSV and HTML files and downloads content from remote URLs, creating a potential surface for indirect prompt injection. Ingestion points: posts.csv and post-content.html are read for bulk creation and post updates; wp media import fetches data from external URLs. Boundary markers: Absent. Capability inventory: Full WordPress management via wp CLI (creating/updating posts, managing terms, importing media) and curl. Sanitization: No explicit sanitization or validation of the input file content is demonstrated.
  • [External Downloads] (LOW): The skill provides instructions for importing media directly from remote URLs using wp media import (references/wp-cli-content.md), which is a standard feature of WP-CLI.
  • [Command Execution] (LOW): The skill relies on system commands like wp, curl, scp, and xargs to manage remote WordPress instances, which is the primary intended function (SKILL.md).
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 22, 2026, 11:05 AM