wp-plugin-review
Warn
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `scripts/setup_tools.sh` script utilizes `sudo apt-get install` to install necessary PHP system dependencies, which constitutes a privilege escalation pattern within the environment.
- [EXTERNAL_DOWNLOADS]: The skill fetches the Composer installer from its official domain (`getcomposer.org`) and installs standard PHP security and quality tools (PHPCS, PHPStan, PHPUnit) from official registries. These downloads target well-known and trusted services.
- [REMOTE_CODE_EXECUTION]: The skill is instructed to execute `phpunit` on the provided plugin code. This process runs the plugin's own test suite, which may contain arbitrary code; if the plugin is malicious, this could lead to the execution of harmful commands.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes untrusted code from uploaded plugins.
  - Ingestion points: Plugin files and directories are read from `/mnt/user-data/uploads/` and processed for manual and automated review.
  - Boundary markers: No explicit delimiters or isolation instructions are used when the agent reads the external code content.
  - Capability inventory: The agent can execute shell commands and modify the file system.
  - Sanitization: There is no pre-processing or sanitization of the plugin code before it is interpreted by the agent during the manual review phase.
Audit Metadata