wp-astrojs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests content from arbitrary WordPress sites via the WordPressClient (baseUrl from import.meta.env.PUBLIC_WORDPRESS_BASE_URL), live loaders like wordPressPostLoader/getLiveEntry, and wp.explore() (all noted in SKILL.md), which means untrusted, user-generated third-party content can be read and used to drive loaders/actions and normalization logic and thus could inject instructions that affect agent behavior.