wordpress-penetration-testing

Fail

Audited by Snyk on Feb 27, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill prompt contains many examples that embed API tokens, passwords, and HTTP auth credentials directly in commands (e.g., --api-token YOUR_API_TOKEN, --http-auth admin:password, set PASSWORD jessica), which would require the agent to accept and output secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The content includes explicit instructions and code for unauthorized access and persistent backdoors (reverse shells, webshell/plugin backdoor, theme file edits), brute-force credential attacks, and exploitation techniques with evasion guidance, indicating high potential for deliberate malicious abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md instructs the agent to fetch and parse arbitrary public websites (e.g., numerous curl and WPScan commands against http://target.com and endpoints like /readme.html, /wp-json/wp/v2/users, /wp-content/plugins/) which are untrusted third-party/user-generated sources whose contents are then used to select vulnerabilities and drive exploitation decisions.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 27, 2026, 11:20 PM