wordpress-plugin-development

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill includes code patterns in Phase 8 for AI Connector implementation that are vulnerable to Indirect Prompt Injection. Untrusted data from WordPress posts is interpolated directly into natural language prompts without delimiters, allowing the content of a post to potentially override the intended AI behavior during summary generation.
      • Ingestion points: The $post->post_content variable in the my_plugin_generate_ai_summary function and the $input['content'] variable in the my_plugin_generate_summary_cb function within SKILL.md.
      • Boundary markers: Absent. The code uses direct string concatenation (e.g., 'Create a compelling 2-sentence summary for social media: ' . substr($content, 0, 1000)) without any delimiters like triple quotes or XML-style tags to isolate the user-provided content.
      • Capability inventory: The skill utilizes the wp_ai_client_prompt() function to process text and update_post_meta() to save results back to the database.
      • Sanitization: While the code uses sanitize_textarea_field() on the AI's output, it does not sanitize or escape the input data to prevent it from containing adversarial instructions aimed at the LLM.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 18, 2026, 11:40 PM