skills/johnie/skills/wp-cli/Gen Agent Trust Hub

wp-cli

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • Command Execution (MEDIUM): The skill provides instructions for high-risk administrative operations that can result in total data loss or system modification.
      • Evidence: Commands such as wp db reset (deletes database), wp user delete, and wp core update are documented in SKILL.md.
      • Evidence: The skill explicitly lists 'Dangerous Commands' which are destructive by design.
  • Remote Access and Execution (MEDIUM): The skill encourages the use of SSH for remote management and the configuration of SSH aliases in the local environment.
      • Evidence: Examples like ssh user@example.com "cd /var/www/html && wp plugin list" and the configuration of @prod aliases in ~/.wp-cli/config.yml.
  • External Downloads (LOW): The skill utilizes commands that fetch and install code from external repositories (e.g., WordPress.org).
      • Evidence: wp plugin install plugin-name downloads and executes third-party code.
  • Indirect Prompt Injection (LOW): The skill processes data from external WordPress sites which could contain malicious instructions designed to influence the agent.
      • Ingestion points: Command outputs from wp plugin list, wp user list, and wp post list in SKILL.md.
      • Boundary markers: Absent; command output is treated as trusted data.
      • Capability inventory: Subprocess execution (wp, ssh, rsync), file writing (tar, wp db export), and network operations (ssh).
      • Sanitization: Absent; the skill does not suggest sanitizing or validating command output before the agent acts on it.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:23 PM