wordpress-setup
Warn
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the WP-CLI binary from the official WP-CLI GitHub repository to enable local WordPress management.
- [EXTERNAL_DOWNLOADS]: Downloads and installs the `wp-cli/ssh-command` package from the official WP-CLI package registry to support remote site connections.
- [COMMAND_EXECUTION]: Utilizes `sudo` to install the WP-CLI executable into the system's global binary directory (/usr/local/bin), which requires elevated system permissions.
- [COMMAND_EXECUTION]: Recommends configuring SSH aliases with `StrictHostKeyChecking=no`, a setting that disables a fundamental security check of the remote host's identity, increasing the risk of man-in-the-middle (MITM) attacks.
- [DATA_EXFILTRATION]: Provides automated commands to retrieve sensitive information from WordPress sites, including comprehensive user lists (emails, IDs, and roles) and database structures.
- [CREDENTIALS_UNSAFE]: Includes instructions for storing sensitive WordPress credentials and application passwords in plaintext within a local `.dev.vars` file, which poses a risk if the local filesystem is compromised.