Security Audit
Automattic/agent-skills:skills/wp-plugin-development
github.com/Automattic/agent-skills
Trust Assessment
Automattic/agent-skills:skills/wp-plugin-development received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 0 medium, and 2 low severity. The two findings are Potential Data Exfiltration via Plugin Header Extraction and Broad File System Read Access.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on April 1, 2026 (commit 48d4aa21). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| LOW | Potential Data Exfiltration via Plugin Header Extraction: The `detect_plugins.mjs` script reads the content of PHP files and extracts plugin header information, including the 'Description' field. While plugin headers are generally public metadata, a developer could inadvertently or maliciously place sensitive information (e.g., API keys, internal details) within the 'Description' or other extracted header fields. This information would then be included in the script's JSON output to `stdout`, leading to potential data exfiltration. Ensure plugin header fields (especially 'Description') do not contain sensitive information. Consider sanitizing or redacting potentially sensitive fields before output, or explicitly listing only non-sensitive header fields to extract. Implement stricter validation on the content of extracted fields if they are to be exposed. | Static | scripts/detect_plugins.mjs:100 |
| LOW | Broad File System Read Access: The `detect_plugins.mjs` script performs a recursive scan of the entire `repoRoot` (current working directory) to find PHP files. Although it includes `DEFAULT_IGNORES` for common directories and limits `maxFiles` and `maxDepth`, this grants the script broad read access to potentially all files within the agent's working directory. If the `repoRoot` is configured broadly, this could expose a wide range of files to the script, even if only PHP files are processed for headers. Ensure the agent's execution environment limits the `repoRoot` to the minimum necessary project directory for the skill. Review `maxFiles` and `maxDepth` parameters to ensure they are appropriate for the expected repository size and do not allow excessive traversal. Consider adding more specific file type or path filtering if only certain PHP files are relevant. | Static | scripts/detect_plugins.mjs:50 |