Skip to main content

Security Audit

wp-playground

github.com/WordPress/agent-skills
AI SkillCommit 9b1e542c4a6b
48
CRITICAL
Scanned about 2 months ago
1
Critical
Immediate action required
1
High
Priority fixes suggested
1
Medium
Best practices review
0
Low
Acknowledged / Tracked

Trust Assessment

wp-playground received a trust score of 48/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.

SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Unpinned dependency execution via npx, Execution of untrusted blueprints from remote URLs or local files, Potential data exposure via mounting local directories containing secrets.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 48/100, indicating areas for improvement.

Last analyzed on June 1, 2026 (commit 9b1e542c). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis
100%
Static Code Analysis
48%
Dependency Graph
100%
LLM Behavioral Safety
100%

Behavioral Risk Signals

Network Access
2 findings
Filesystem Write
2 findings
Shell Execution
2 findings
Dynamic Code
1 finding

Security Findings3

SeverityFindingLayerLocation

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/2a94f39e365a5d38.svg)](https://skillshield.io/report/2a94f39e365a5d38)
SkillShield Badge

Powered by SkillShield