Governed ability

Get post ACF fields

aafm/acf-get-post-fields Read only

Reads all of a post's ACF field values, hydrated by field key. Requires edit access to that post.

How it is governed

The same model as every ability in the plugin, stated for this one.

  • Off until you enable it

    Like every ability, Get post ACF fields ships switched off. You turn it on one at a time, and an update never widens access on its own.

  • Reads only

    It reads data and returns it to your client. Nothing on your site is created, changed, or removed.

  • Capability gated

    A connection only sees Get post ACF fields if the user you connected can run it, and the plugin checks that capability again before it executes.

  • Every call audited

    The call is written to the log in your own database, denials included, with the argument keys but never the values.

See it in action

An illustrative run. Your real calls and data stay on your own site.

agent-abilities · audit Governed
You Get post ACF fields on this site.
Run Running aafm/acf-get-post-fields
Gate Allowed read capability confirmed
Audit aafm/acf-get-post-fields · principal: editor · args: post_id, field_key
Result Returns the data the agent asked for. Nothing on the site changes.

Try it with a prompt

Example requests you could paste to your agent.

  1. Read all the ACF field values on post 142 and show them by field key.
  2. What is stored in the subtitle and hero_image ACF fields for this landing page?
  3. Pull the custom field values for post 512 so I can review them before editing.

These are illustrative example prompts. The agent runs them as the user you connected, checked against that user's capabilities and written to your audit log.

Frequently asked

Short answers for Get post ACF fields.

What does it read?

It reads all of a post's ACF field values, hydrated by field key. Access is limited to posts the agent can already edit.

Is this available on every site?

Only when Advanced Custom Fields is active. The ability is registered by the ACF integration and disappears if ACF is deactivated.

Can it expose sensitive data?

It returns whatever a post's ACF fields hold, so treat the output as potentially sensitive. It is off by default, requires edit access to the specific post, and each read is recorded in the audit log.

Back to all abilities

Governed by default, from the first call.

Get post ACF fields is off until you enable it, scoped to the user you connect, and logged like everything else. Turn on only what you need.

Every ability off until you enable it, capability-gated on every call.