pinch-to-post
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on a provided shell script, `wp-rest.sh`, to execute WordPress and WooCommerce management tasks.
  - Evidence: The script performs various operations using `curl`, `jq`, and standard Unix utilities to interact with remote APIs.
- [EXTERNAL_DOWNLOADS]: The `check-links` command in the `wp-rest.sh` script performs outbound HTTP requests to external URLs discovered within site content.
  - Evidence: The script extracts URLs from post content and uses `curl` to verify their status codes.
- [CREDENTIALS_UNSAFE]: The skill requires the configuration of sensitive environment variables, including `WP_APP_PASSWORD`, `WC_CONSUMER_KEY`, and `WC_CONSUMER_SECRET`.
  - Evidence: Documentation in `README.md` and `SKILL.md` instructs users to provide these credentials for API authentication.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves untrusted data from the managed WordPress site that the agent then processes.
  - Ingestion points: Untrusted data enters the agent context through commands like `list-comments`, `pending-comments`, and `get-post` in `wp-rest.sh`.
  - Boundary markers: There are no explicit boundary markers or instructions to the agent to ignore commands found within retrieved site content.
  - Capability inventory: The skill has powerful capabilities, including `delete-post`, `bulk-delete-old`, `wc-delete-product`, and `update-post` via `wp-rest.sh`.
  - Sanitization: Content is processed via `jq` and `sed`, but raw comment and post text is passed back to the agent for evaluation.