wp-plugin-review
Warn
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `scripts/setup_tools.sh` script utilizes `sudo apt-get install` to install PHP and system-level dependencies required for the audit environment.
- [REMOTE_CODE_EXECUTION]: The skill's workflow involves running `phpunit` on files within the `/home/claude/plugin-under-review/` directory. Since PHPUnit executes the code it is testing, a maliciously crafted plugin could achieve code execution on the agent's system.
- [EXTERNAL_DOWNLOADS]: The setup script fetches the Composer installer from `https://getcomposer.org/installer` and various security tools (PHPCS, PHPStan, PHPUnit) from official registries. These downloads are from well-known technology services and are documented neutrally.
- [PROMPT_INJECTION]: The skill processes untrusted code from user-uploaded ZIP files or folders, creating a surface for indirect prompt injection.
  1. Ingestion points: Plugin source files located in `/mnt/user-data/uploads/`.
  2. Boundary markers: The workflow does not define specific delimiters or instructions to ignore embedded prompts during the analysis phase.
  3. Capability inventory: The agent has the ability to execute system commands via subprocesses and write report files to the filesystem.
  4. Sanitization: There is no sanitization or content validation performed on the plugin source code before it is analyzed by the agent.
Audit Metadata