[wp-trac] [WordPress Trac] #64769: Backport WP AI Client enhancement to harden security for using `Ability_Function_Resolver`
WordPress Trac
noreply at wordpress.org
Sun Mar 1 21:10:37 UTC 2026
#64769: Backport WP AI Client enhancement to harden security for using
`Ability_Function_Resolver`
----------------------------+------------------------------------------
Reporter:  flixos90         | Owner:     flixos90
Type:      task (blessed)   | Status:    assigned
Priority:  normal           | Milestone: 7.0
Component: AI               | Version:
Severity:  normal           | Keywords:  needs-patch needs-unit-tests
Focuses:                    |
----------------------------+------------------------------------------
See https://github.com/WordPress/wp-ai-client/pull/61:

> This addresses a security weakness: At no point so far we were checking
> (or at least encouraging) that the abilities called in a message are
> actually among the abilities allowed for the prompt.
>
> Not checking this can lead to security vulnerabilities, e.g. through
> prompt injection.
>
> While developers today could work around this by manually checking prior
> to using `Ability_Function_Resolver`, this is not intuitive at all. Since
> it's a security concern, it needs to be baked in and mandatory.
>
> **This is a breaking change.** The `Ability_Function_Resolver` class
> becomes (mostly) non-static, and will require an instance for usage going
> forward. It will require passing the list of abilities in the constructor,
> in the same shape it's used on `Prompt_Builder::using_abilities()`.

**This is ''not'' an active security vulnerability.** It has been handled
in public so far, and is reasonable to do so, since it merely improves an
API to prevent potential future security issues that could have occurred
with the prior API design.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/64769>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
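
An added sketch of the check described in the quoted pull request, not code from the ticket or from WP AI Client: the class names, the `demo/...` ability names and the shape of the call arrays are all hypothetical. It contrasts a static resolver that runs whatever ability the model names with one that takes the per-prompt allow-list in its constructor and rejects anything outside it.

```php
<?php
// Added sketch with hypothetical names; constructed registry of ability name => callable.
$registry = array(
    'demo/get-site-title' => fn( array $args ) => 'Example Site',
    'demo/delete-post'    => fn( array $args ) => 'deleted post ' . (int) ( $args['id'] ?? 0 ),
);

// Weak shape: static, runs any registered ability the model names.
final class Static_Resolver {
    public static function execute( array $registry, array $call ) {
        return $registry[ $call['name'] ]( $call['args'] );
    }
}

// Hardened shape: the per-prompt allow-list is a mandatory constructor argument.
final class Allowlisted_Resolver {
    private array $registry;
    private array $allowed;
    public function __construct( array $registry, array $allowed_names ) {
        $this->registry = $registry;
        $this->allowed  = array_fill_keys( $allowed_names, true );
    }

    public function execute( array $call ) {
        $name = $call['name'] ?? '';
        if ( ! is_string( $name ) || ! isset( $this->allowed[ $name ], $this->registry[ $name ] ) ) {
            throw new DomainException( 'Ability not allowed for this prompt: ' . var_export( $name, true ) );
        }
        return $this->registry[ $name ]( (array) ( $call['args'] ?? array() ) );
    }
}

// Constructed model output: the prompt offered only get-site-title, yet the
// response also asks for delete-post (e.g. after reading injected content).
$calls = array(
    array( 'name' => 'demo/get-site-title', 'args' => array() ),
    array( 'name' => 'demo/delete-post', 'args' => array( 'id' => 42 ) ),
);

$resolver = new Allowlisted_Resolver( $registry, array( 'demo/get-site-title' ) );
foreach ( $calls as $call ) {
    echo 'static:      ', Static_Resolver::execute( $registry, $call ), PHP_EOL;
    try {
        $result = $resolver->execute( $call );
    } catch ( DomainException $e ) {
        $result = 'rejected (' . $e->getMessage() . ')';
    }
    echo 'allowlisted: ', $result, PHP_EOL;
}
```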