generating-wordpress-fse-blocks
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The scaffolding instructions in SKILL.md (Step 2) use shell commands (mkdir, touch) with placeholders for block names. If an agent populates these with user-provided input without sanitization, it allows for arbitrary shell command injection via metacharacters like semicolons or backticks.
- PROMPT_INJECTION (HIGH): Significant indirect prompt injection surface identified. Ingestion points: User-provided block names and requirements. Boundary markers: None. Capability inventory: Shell execution (mkdir), file system access, and code generation for PHP/JS. Sanitization: No validation is prescribed for the block name before its use in system commands, though generated templates use standard WordPress functions like wp_kses_post.
- EXTERNAL_DOWNLOADS (LOW): References @wordpress/scripts and @types/wordpress__blocks from npm. These are standard packages for the domain but remain external dependencies.
Recommendations
- AI detected serious security threats
Audit Metadata