WordPress Router

Name: agent-skills/wordpress-router
Author: wordpress

View on GitHub↗

Share on X Share on LinkedIn Share on Bluesky

100Critical

The skill executes user-provided repository scripts, enabling

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

WordPress Router: Use this skill at the start of most WordPress tasks to:

Actually does

The skill executes a Node.js script (`detect_wp_project.mjs`) to analyze the current working directory (repo root). It reads the script's output to classify the WordPress project type, available tooling, and testing frameworks. It then uses this information, along with a local decision tree file (`decision-tree.md`), to determine the appropriate subsequent workflow.

Threat Analysis

AI Agent Traps ↗Scanned 5/5/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlAction3 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Namewordpress/agent-skills/wordpress-router

Registrygithub

Version2ec2cd8e9da7

PURLpkg:github/wordpress/agent-skills@2ec2cd8e9da7?skill=wordpress-router

Stars1,417

Installs1,400

Source

Repository ↗SKILL.md ↗

SHA-25638f4dc335679...

SHA-1edf0940915a4...

MD5d02a9179108c...

TLSHca418639bb48...

Size2,227 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

GitHub

https://github.com/WordPress/agent-skills

1,400 installs

Skills.shDocs

npx skills add https://github.com/wordpress/agent-skills

Assessments (1)

AI Agent Traps ↗

Execution of arbitrary repository scriptscriticalcommand execution

The agent is explicitly instructed to execute `lint`, `test`, or `build` commands found within the user's repository. This allows an attacker to embed malicious scripts in their repository, which the agent will then execute.

100% confidenceline 40

Run the repo’s lint/test/build commands that the triage output recommends (if available).

Broad system command execution capabilitieshighcommand execution

The skill explicitly states compatibility with `bash`, `node`, and `WP-CLI`, indicating the agent has broad capabilities to execute system commands and scripts. While necessary for its function, this presents a significant attack surface if not properly sandboxed.

100% confidenceline 4

compatibility: "Filesystem-based agent with bash + node. Some workflows require WP-CLI."

Filesystem access and reconnaissancelowreconnaissance

The agent is designed to operate on the 'Repo root (current working directory)' and inspect various configuration files, confirming its ability to read local filesystem content. This capability, while functional, could be leveraged for reconnaissance.

100% confidenceline 24

Inputs required: - Repo root (current working directory). ... inspect: - root composer.json, package.json, style.css, block.json, theme.json, wp-content/.

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/github/wordpress/agent-skills/wordpress-router.svg)](https://mondoo.com/ai-agent-security/skills/github/wordpress/agent-skills/wordpress-router)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/github/wordpress/agent-skills/wordpress-router"><img src="https://mondoo.com/ai-agent-security/api/badge/github/wordpress/agent-skills/wordpress-router.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/github/wordpress/agent-skills/wordpress-router.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow