WordPress WP-CLI Internal API

Security checks across malware telemetry and agentic risk

Overview

This is a focused WP-CLI coding helper; the scanner warning appears to be a false alarm on ordinary output-formatting guidance.

Reasonable to install for WP-CLI command development. Before running the helper script, use trusted command/class names, choose an intentional output path, and inspect the generated PHP before loading it into a WordPress project.

SkillSpector

By NVIDIA

Vulnerability Patterns

System Prompt LeakageDirect Leakage, Indirect Extraction, Tool-Based Exfiltration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Direct Prompt Extraction

High

Category: System Prompt Leakage
Content: 4. call business logic 5. format output with `WP_CLI\Utils\format_items()` or explicit success or error helpers ## Output Rules Default mapping:
Confidence: 85% confidence
Finding: Output Rules

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal