WordPress Penetration Testing

Warn

Audited by Socket on Feb 16, 2026

1 alert found:

Security (MEDIUM)
SKILL.md

This skill is an explicit offensive pentesting guide for WordPress that honestly documents discovery, enumeration, brute-force, and exploitation techniques including webshells and reverse shells. The capabilities align with the stated purpose of penetration testing (so the content is coherent), but the inclusion of ready-made exploit code (PHP webshell, reverse shell), high-throughput brute-force guidance, and detection-evasion techniques creates a high potential for abuse if used without strict authorization. This makes the skill 'suspicious' from a supply-chain perspective: its functionality is legitimate in authorized testing contexts but dangerous if distributed or invoked without controls. Recommend restricting access, adding clear mandatory authorization checks and logging requirements, and removing or gating explicit exploitation payload templates in public/shared skills.

Confidence: 80%
Severity: 75%
Audit Metadata
Analyzed At
Feb 16, 2026, 10:27 AM
Package URL
pkg:socket/skills-sh/jpropato%2Fsiba%2Fwordpress-penetration-testing%2F@4cf530691c3c96269e04bb8e19db455b02ad6c15