Security risk report for @forgecat/anthropics_skills_brand-guidelines v0.0.4
Source Integrity
Low
Profile claims origin from Anthropic's official skills repository (https://github.com/anthropics/skills) with specific commit hash (5128e18), consistent with legitimate supply chain.
No typosquatted dependencies, attacker-controlled packages, or suspicious external URLs injected into installation or build instructions.
Agent Intent
Low
Content is purely descriptive documentation of brand color and typography guidelines; no instructions to manipulate the AI, ignore system prompts, or alter its behavior.
No guidance poisoning: recommends only standard, well-known fonts (Poppins, Lora, Arial, Georgia) with legitimate fallback logic; no malicious code templates or security-weakening directives.
No prompt injection, role hijacking, credential exfiltration, or system prompt leakage attempts.
Details
Evidence
Skill description: 'Applies Anthropic's official brand colors and typography to any sort of artifact...'
Font management section: 'Uses system-installed Poppins and Lora fonts when available; Provides automatic fallback to Arial (headings) and Georgia (body)'
Color application: 'Uses RGB color values for precise brand matching; Applied via python-pptx's RGBColor class'
Permissions
Low
No tools or hooks declared in the profile; skill is purely informational (brand color/typography reference).
No file system access, shell execution, network requests, or excessive agency requested.