wp-cli
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of powerful shell commands via the Bash tool to perform database resets, user deletions, and arbitrary SQL queries. Commands like `wp db reset --yes` and `wp db query` allow for direct and destructive manipulation of the system and its data.
- [CREDENTIALS_UNSAFE]: The documentation and examples include patterns for passing sensitive credentials, such as database and user passwords, as plaintext command-line arguments (e.g., `--dbpass=<password>` and `--user_pass=<password>`). This practice leads to credential exposure in shell history and process monitoring tools.
- [EXTERNAL_DOWNLOADS]: The skill documents the capability to install plugins and themes from arbitrary external URLs or ZIP files via `wp plugin install <slug|url|zip>`, which can be used to download and execute code from untrusted sources.
- [PROMPT_INJECTION]: The skill exhibits an indirect injection surface in the 'Content Import from CSV' workflow.
  - Ingestion points: External CSV files (`import.csv`, `import-meta.csv`) are processed in `references/examples.md`.
  - Boundary markers: Absent; the shell script iterates through the file content without structural delimiters or warnings to ignore embedded instructions.
  - Capability inventory: Uses `wp post create` and `wp post meta add` to inject data into the WordPress database.
  - Sanitization: Employs minimal sanitization (`sed 's/"//g'`), which is insufficient to prevent command injection or data corruption if the input CSV contains malicious payloads tailored for shell interpolation.
Audit Metadata