wp-plugin-development
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Prompt Injection] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It processes untrusted external content (WordPress plugin source code) and possesses capabilities to modify files and execute commands.
  - Ingestion points: Plugin main files, header metadata, and repository structures (e.g., `wp-content/plugins/`) via `detect_plugins.mjs`.
  - Boundary markers: No boundary markers or 'ignore' instructions are present to prevent the agent from following prompts embedded in the plugin code.
  - Capability inventory: Includes filesystem write access for refactoring, execution of `node` scripts, `bash` commands, and `WP-CLI` which can interact with the database and environment.
  - Sanitization: No sanitization or escaping of ingested source code is specified before the agent processes it.
- [Command Execution] (LOW): The skill executes local Node.js scripts as part of its triage and detection workflow.
  - Evidence: Execution of `node skills/wp-project-triage/scripts/detect_wp_project.mjs` and `node skills/wp-plugin-development/scripts/detect_plugins.mjs`. While these appear to be internal, local script execution is a sensitive capability.
Recommendations
- AI detected serious security threats