wordpress-uploader

Warn

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple local Python scripts (wordpress-upload.py, wordpress-media-upload.py, wordpress-edit-post.py) located in ~/.claude/scripts/. It also utilizes python3 -c to execute inline Python code for validating environment variables.
  • [DATA_EXFILTRATION]: The skill reads sensitive information from the ~/.env file, specifically WORDPRESS_SITE, WORDPRESS_USER, and WORDPRESS_APP_PASSWORD. Additionally, the instructions require the agent to 'Display complete script output' and 'Never summarize, truncate, or hide results', which could lead to the unintended exposure of authentication headers or internal tokens in the output.
  • [PROMPT_INJECTION]: The skill processes untrusted markdown files provided by the user, creating an attack surface for indirect prompt injection where malicious instructions could be embedded in the content or YAML frontmatter to influence agent behavior.
      • Ingestion points: Markdown files passed to the --file argument in SKILL.md.
      • Boundary markers: Absent. The instructions do not provide delimiters or logic to separate content from potential embedded instructions.
      • Capability inventory: Shell execution of local Python scripts and network communication with the WordPress REST API.
      • Sanitization: Absent. No evidence of input validation or content sanitization is described.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 1, 2026, 05:55 AM