wordpress-woocommerce-development

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE (finding category: PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill contains multiple PHP code snippets that facilitate indirect prompt injection by interpolating untrusted data into prompts sent to the WordPress 7.0 Abilities/AI API.
  • Ingestion points: Untrusted data enters the agent context through several functions in SKILL.md: generate_ai_product_description (product title and short description), ai_check_order_fraud (shipping address, billing email, and order total), handle_ai_product_question (user-submitted questions via AJAX), and ai_validate_order (checkout fields like email, phone, and address).
  • Boundary markers: The code snippets do not implement any boundary markers or delimiters (like XML tags or clear separators) to prevent the AI from interpreting the data as instructions.
  • Capability inventory: The skill includes capabilities to automate product description generation, process order fraud analysis, and provide automated customer service responses based on the results of these AI prompts.
  • Sanitization: While standard WordPress sanitization functions like sanitize_text_field and sanitize_email are used, these are designed to prevent XSS and database injection, not prompt injection. There is no evidence of filtering or escaping designed to neutralize adversarial prompt content within the data strings.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 18, 2026, 11:52 PM