wordpress-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill instructs embedding application passwords directly into commands and config files (e.g., curl -u "username:password" and .dev.vars entries) which requires the agent to accept and output secrets verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow (Step 2 Option B and Step 4) instructs the agent to fetch and inspect content from arbitrary WordPress sites (e.g., curl to https://example.com/wp-json/wp/v2/posts and multiple wp @sitename ... commands), which are untrusted, user-generated third-party sources whose responses are read and used to decide configuration and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's runtime installation step instructs fetching and installing executable code via "curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar" (followed by chmod/mv), which downloads remote code that would be executed to satisfy the required WP-CLI dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt instructs privileged, state-changing actions on the host — e.g., using sudo to move wp-cli into /usr/local/bin and advising StrictHostKeyChecking=no (SSH host-key bypass), which request elevated/file-system and security-bypassing operations on the machine.