brand-guide

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute internal Python scripts (extract-brand.py, generate-guide.py) and interacts with a local WordPress instance using docker exec and wp-cli. These commands are standard for the skill's intended purpose of managing WordPress site documentation.
  • [PROMPT_INJECTION]:
      • Ingestion points: The extract-brand.py script reads external content from CSS and PHP files provided in the --theme-path argument.
      • Boundary markers: No explicit boundary markers or 'ignore' instructions are used when processing the files.
      • Capability inventory: The skill possesses Bash, Write, and Edit capabilities, allowing it to execute scripts and modify files.
      • Sanitization: The script uses regular expressions to strictly filter for color hex codes and font names, which limits the risk of processing malicious instructions embedded in the theme files as executable code.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 01:39 AM