Trust Assessment
blueprint received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include Arbitrary Code Execution via Blueprint Steps, Potential Data Exfiltration via Arbitrary HTTP Requests, Host System File Access via CLI Flag.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on June 1, 2026 (commit 9b1e542c). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary Code Execution via Blueprint Steps The skill describes WordPress Playground blueprint steps (`runPHP`, `wp-cli`, `runSql`, `writeFile`, `writeFiles`) that allow for the execution of arbitrary PHP code, WP-CLI commands, and SQL queries within the WordPress Playground environment. If the agent is prompted to generate or approve a blueprint containing malicious code in these steps, it could lead to full command injection within the sandboxed environment. This includes writing malicious PHP to `mu-plugins` or other executable locations, which would then be executed by the Playground. The agent must be strictly instructed and trained to sanitize or reject any user-provided code snippets for these steps, and to only generate code that adheres to strict security policies. User input intended for these fields should be treated as highly untrusted and validated rigorously. | LLM | SKILL.md:170 | |
| HIGH | Potential Data Exfiltration via Arbitrary HTTP Requests The `request` step described in the blueprint documentation allows for making arbitrary HTTP requests to external URLs. While a legitimate feature, this presents a data exfiltration risk. A malicious blueprint, potentially generated by the agent or provided by a user, could combine this step with other code execution steps (e.g., `runPHP` to read sensitive files or database contents) to send collected data to an attacker-controlled server. The agent should be trained to scrutinize `request` steps, especially when combined with other steps that access sensitive data. Outbound requests should ideally be restricted to known safe domains or require explicit user confirmation for external communication. | LLM | SKILL.md:208 | |
| HIGH | Host System File Access via CLI Flag The skill documents the `--blueprint-may-read-adjacent-files` CLI flag, which, when used with `npx @wp-playground/cli server` or `run-blueprint`, grants the blueprint access to read files adjacent to its directory on the host system. If the agent is prompted to generate CLI commands that include this flag, and a malicious blueprint is then executed, it could lead to unauthorized reading of sensitive files from the host machine where the CLI is run. This bypasses the intended sandboxing for bundled resources. The agent should be strictly instructed to avoid generating CLI commands with the `--blueprint-may-read-adjacent-files` flag unless explicitly and securely authorized by the user for a trusted blueprint. Users should be warned about the security implications of this flag. | LLM | SKILL.md:330 | |
| MEDIUM | Untrusted Code Installation from External Sources The blueprint system allows installing plugins, themes, and other resources from arbitrary external URLs (`url` resource type) or Git repositories (`git:directory` resource type). If the agent is prompted to generate a blueprint that fetches code from an untrusted or compromised external source, it introduces a supply chain risk, potentially leading to the installation and execution of malicious software within the Playground environment. The agent should be trained to prioritize official or trusted sources (e.g., `wordpress.org/plugins`) and to warn users about the risks of using untrusted external URLs or Git repositories for code installation. | LLM | SKILL.md:98 |
Scan History
Embed Code
[](https://skillshield.io/report/52cde256794a05fd)
Powered by SkillShield