Trust Assessment
wp-project-triage received a trust score of 67/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 1 medium, and 0 low severity. Key findings include Credential Harvesting from wp-config.php, Excessive Filesystem Read Permissions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on June 1, 2026 (commit 9b1e542c). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Credential Harvesting from wp-config.php The script `scripts/detect_wp_project.mjs` explicitly reads `wp-config.php` and extracts sensitive credentials such as `DB_USER`, `DB_PASSWORD`, `FTP_USER`, and `FTP_PASS`. These values are then likely included in the JSON output, making them accessible to the agent and any downstream systems that process the skill's output. Exposing database and FTP credentials, even for 'triage' purposes, poses a severe security risk. Modify `detectConfigConstants` and `detectWpCliDbCredentials` to *never* extract or output the values of sensitive constants like `DB_USER`, `DB_PASSWORD`, `FTP_USER`, `FTP_PASS`. Instead, the skill should only report the *presence* of these constants or, if absolutely necessary, a masked version (e.g., `DB_PASSWORD: '***'`). For a triage tool, simply knowing that `wp-config.php` exists and contains certain configuration types should be sufficient without exposing actual secrets. | LLM | scripts/detect_wp_project.mjs:150 | |
| MEDIUM | Excessive Filesystem Read Permissions The skill's core logic involves recursively scanning the entire `repoRoot` (current working directory) using `findFilesRecursive` and reading file contents with `readFileSafe`. While this is necessary for its stated purpose of project triage, it grants broad read access to potentially any file within the repository. If the agent's execution environment is not adequately sandboxed, or if the `repoRoot` contains unintended sensitive data (e.g., via symlinks or misconfiguration), this could lead to unintended data exposure beyond the scope of WordPress project files. Ensure the agent execution environment is strictly sandboxed, limiting its filesystem access to only the explicitly required `repoRoot` and preventing traversal outside of it. Review the `DEFAULT_IGNORES` list to ensure all common sensitive directories are excluded. Consider if the `maxDepth` and `maxFiles` limits are sufficiently restrictive for typical WordPress projects to minimize unnecessary scanning. | LLM | scripts/detect_wp_project.mjs:68 |
Scan History
Embed Code
[](https://skillshield.io/report/0857bb4efd5a2f0b)
Powered by SkillShield