wordpress-content

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of shell commands and the WP-CLI tool (wp) to create, update, and manage WordPress site content, including posts, pages, and database search-and-replace operations.
  • [EXTERNAL_DOWNLOADS]: The skill uses curl and WP-CLI's media import feature to download media and interact with the REST API from remote URLs.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it is designed to ingest and process data from external sources.
    • Ingestion points: Reads content from user-provided CSV files (posts.csv) and HTML files (post-content.html, updated-content.html) as documented in SKILL.md workflow steps.
    • Boundary markers: Absent. The skill instructions do not specify any delimiters or safety prompts to prevent the agent from obeying instructions embedded within the imported content.
    • Capability inventory: Significant capabilities are available, including network access (curl, wp media import), local file system writes (cat > /tmp/), and remote command execution (wp @site) throughout the management lifecycle.
    • Sanitization: Absent. Content from external files is passed directly into WordPress commands without validation or sanitization steps.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 14, 2026, 08:36 PM
Security Audit — agent-trust-hub — wordpress-content