wp-playground
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the user/agent to run `npx @wp-playground/cli@latest`. This command fetches and executes code directly from the npm registry at runtime. While WordPress Playground is a legitimate project, the use of `npx` with an unpinned version from an external repository carries inherent risks of supply chain compromise or runtime code injection.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The `run-blueprint` command supports loading JSON configuration files from remote URLs (e.g., `https://example.com/blueprint.json`). These blueprints can define steps to install WordPress plugins from arbitrary ZIP file URLs (e.g., `pluginZipFile: { "resource": "url", "url": "..." }`), effectively allowing a remote file to control code installation on the local environment.
- [COMMAND_EXECUTION] (MEDIUM): The skill provides instructions for executing shell commands that mount local directories (`--mount`) into a WebAssembly-based WordPress environment. This could lead to sensitive local data exposure if malicious paths are provided to the mount command.
- [PROMPT_INJECTION] (LOW): This skill is vulnerable to Indirect Prompt Injection (Category 8) due to the ingestion of external data.
  - Ingestion points: Remote JSON blueprints and external plugin ZIP files specified in blueprints.
  - Boundary markers: Absent; there are no instructions to the agent to treat blueprint content as data only.
  - Capability inventory: Command execution (`npx`), local filesystem access (`--mount`), and network requests for site setup.
  - Sanitization: Absent; the skill does not mention validation or sandboxing of the blueprint sources or plugin URLs.
Audit Metadata