wordpress-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs collecting and embedding SSH credentials and WordPress application passwords directly into commands and config files (e.g., curl -u "username:PASSWORD" and WP_APP_PASSWORD in .dev.vars), which requires the agent to output secret values verbatim and creates exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to connect to and fetch content from arbitrary public WordPress sites (Step 2 Option A via WP-CLI over SSH and Step 2 Option B via REST API curl to https://example.com/wp-json/..., and Step 4 commands like wp @sitename post list and wp @sitename plugin status) which means it ingests untrusted third-party/site-generated content that can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill includes a runtime installation command that downloads and installs remote executable code via curl (https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar), which would execute remote code required for the skill to operate.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt includes commands that modify system-wide paths with sudo (sudo mv /usr/local/bin/wp) and advises disabling SSH host key checking and using --allow-root, which instructs bypassing security and altering the machine's state.