Skills
skills/sickn33/antigravity-awesome-skills/wordpress/Gen Agent Trust Hub

wordpress

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill includes AI-powered features that are susceptible to indirect prompt injection when processing post content.
  • Ingestion points: The save_post hook and the my_plugin_generate_summary_handler function in SKILL.md process untrusted content from the $post->post_content field.
  • Boundary markers: Absent. The skill concatenates untrusted content directly into the prompt string (e.g., 'Summarize in 2 sentences: ' . substr($content, 0, 1000)) without using delimiters or instructions to ignore embedded commands.
  • Capability inventory: The skill possesses capabilities to write to the WordPress database via wp_update_post and perform network-based AI requests using the wp_ai_client_prompt function.
  • Sanitization: The implementation uses strip_tags() for input and sanitize_textarea_field() for output. While these prevent XSS and HTML injection, they do not mitigate the risk of an LLM following malicious instructions embedded within the plain text content.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 19, 2026, 04:22 AM