prepare-wordpress

Warn

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs extensive shell command execution to manage the project setup, including initializing repositories (git init, npm init), installing packages (composer require, npm install), and performing cleanup tasks (rm -f yarn.lock). It also runs internal automation scripts (scripts/detect_project.mjs and scripts/plan_setup.mjs) which use execSync to trigger further environment changes.
  • [EXTERNAL_DOWNLOADS]: The skill is configured to download and install additional capabilities using the npx skills add command. It targets multiple GitHub repositories, including github.com/automattic/agent-skills (a well-known organization in the WordPress ecosystem) and github.com/jeffallan/claude-skills (an individual third-party repository). Downloading and executing code from unverifiable individual sources is a risk.
  • [PROMPT_INJECTION]: The instructions direct the agent to collect user-provided metadata (such as Plugin Name and Description) and interpolate these values directly into shell commands (e.g., composer init ... --description="{Description}"). This creates a vulnerability surface for indirect prompt injection or command injection if a user provides malicious input designed to break out of the command string.
      • Ingestion points: User-provided metadata prompted in SKILL.md Phase 1.
      • Boundary markers: No delimiters or instructions are used to prevent the agent from obeying instructions embedded in the user metadata.
      • Capability inventory: The skill has significant capabilities including file system access, network access via package managers, and shell command execution.
      • Sanitization: There is no evidence of sanitization or validation of the user-supplied strings before they are incorporated into executable shell commands.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 10, 2026, 08:01 PM