wordpress-content
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the execution of WP-CLI commands (
wp @site ...) to manage WordPress content. The use of aliases (@site) implies the ability to execute commands on remote servers via SSH. - [COMMAND_EXECUTION]: Instructions include the assembly of shell commands from external data sources, such as loops that read from
posts.csvand the use ofxargsto process lists of post IDs. This pattern is vulnerable to command injection if the source data contains malicious shell characters. - [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection due to the processing of untrusted external data.
- Ingestion points: The skill reads and processes content from CSV files (
posts.csv), HTML files (./post-content.html,./updated-content.html), and fetches media from arbitrary external URLs. - Boundary markers: No boundary markers or instructions to the agent to ignore embedded instructions within these data sources are present.
- Capability inventory: The skill possesses extensive capabilities including subprocess execution via
wp-cli, network operations viacurl, and remote file transfers viascp. - Sanitization: There is no evidence of content sanitization or validation before the data is interpolated into commands or uploaded to the WordPress database.
Audit Metadata