WordPress Penetration Testing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill repeatedly shows and instructs embedding API tokens and passwords directly into commands and code examples (e.g., --api-token YOUR_API_TOKEN, --http-auth admin:password, set PASSWORD jessica), which would require the LLM to include secret values verbatim and poses a high exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill content clearly provides step-by-step offensive actions (credential brute‑force, XML‑RPC multicall, Metasploit exploits), explicit backdoors and remote code execution examples (PHP reverse shell, a plugin webshell using system($_GET['cmd']), theme editor code injection), and evasion techniques (proxy/Tor, throttling) — all indicating deliberate malicious capability and high abuse risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs fetching and parsing content from arbitrary public WordPress sites (e.g., "curl -s http://target.com/readme.html", "curl -s http://target.com/wp-json/wp/v2/users", and numerous wpscan commands against target.com), which the agent would read and use to drive enumeration and exploitation decisions, exposing it to untrusted third-party content.