wp-static-clone
Warn
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands such as
wgetandcurlto interact with remote domains. These commands are executed based on instructions and shell snippets provided in theAGENTS.mdfile. - [EXTERNAL_DOWNLOADS]: The workflow requires downloading various assets (sitemaps, HTML, images, CSS, and JavaScript) from external, user-specified WordPress sites and the Gravatar service (
secure.gravatar.com). - [REMOTE_CODE_EXECUTION]: There is a risk of command injection due to the use of user-supplied variables like
$ROOTin shell commands withinAGENTS.md. If the agent executes these commands without proper sanitization of the input, a malicious URL containing shell metacharacters could lead to arbitrary code execution. - [PROMPT_INJECTION]: The skill processes untrusted HTML content from external websites, creating an attack surface for indirect prompt injection. While the included scripts perform specific text transformations, the ingestion of arbitrary web content remains a risk factor.
- Ingestion points: Untrusted HTML content is downloaded from external sites and subsequently read and modified by scripts in the
scripts/directory. - Boundary markers: The skill lacks explicit boundary markers or instructions to the agent to ignore potentially malicious content embedded within the ingested HTML.
- Capability inventory: The skill possesses capabilities for file system modification, network requests via
curlandwget, and execution of local Python scripts. - Sanitization: The Python scripts use regular expressions to filter specific WordPress-related markup but do not implement a comprehensive sanitization strategy for all ingested content.
Audit Metadata