shiny-bslib-theming

Warn

Audited by Socket on Feb 20, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Backtick command substitution detected

All findings:
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

This document is legitimate documentation for the bslib theming system for Shiny apps. It describes expected behavior (local file discovery, Sass rule inclusion, Google Fonts downloads, and developer theming tools). There is no evidence of malicious code or hidden exfiltration. The security concerns are operational: auto-discovery of _brand.yml can let untrusted local files affect theme generation, and font downloads introduce a network dependency. Developers should disable auto-discovery or host fonts locally in high-threat environments and remove development helpers (bs_themer/run_with_themer) from production deployments.

LLM verification: Benign: The skill fragment aligns with its stated purpose of enabling advanced theming for Shiny apps via bslib, with normal dependencies on font resources and branding configuration. The only notable observations are documentation formatting artifacts (backticks) and routine network I/O for fonts, which are expected in this domain. No malicious activity or data exfiltration detected within the provided fragment.

Confidence: 80%
Severity: 75%
Audit Metadata
Analyzed At
Feb 20, 2026, 08:52 PM
Package URL
pkg:socket/skills-sh/posit-dev%2Fskills%2Fshiny-bslib-theming%2F@f4f2c51caccba8b7b425fd5ec2d1a2c0867b23e9