search
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill invokes a local PHP script via Bash with arguments dynamically generated from user-provided text. This presents a significant risk of shell argument injection if the agent fails to properly sanitize the input when constructing the command line arguments.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted data from an external source (WordPress Trac tickets) and instructs the agent to 'Review results' to decide on subsequent actions. Maliciously crafted ticket content could hijack the agent's logic to perform unauthorized actions or exfiltrate data. Evidence Chain (Category 8):
  1. Ingestion points: search.php output (ticket data)
  2. Boundary markers: Absent
  3. Capability inventory: Bash command execution
  4. Sanitization: None provided in the instruction set
Recommendations
- AI detected serious security threats
Audit Metadata