Back to skill

Security audit

WordPress Content REST API

Security checks across malware telemetry and agentic risk

Overview

This skill is narrowly scoped to WordPress content management and clearly discloses its credential and write-access requirements.

Install this only for WordPress sites you control or are authorized to manage. Use least-privilege application passwords or scoped bearer tokens, verify staging versus production before writes, keep the dry-run/read-before-write workflow, and require explicit approval for publishing, deletion, media uploads, taxonomy creation, or bulk updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.