Create a structured design brief before building or redesigning a WordPress site. If the request is underspecified, this returns one scope question: empty site to iterate on later, or designed site now. Call this before wpdev_site_create for designed site builds unless the user only wants an empt...
AI agents use wpdev_site_design_brief to create or update resources in WordPress Developer MCP Server — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your WordPress Developer MCP Server environment.
The tool generates a design brief document/structure as output to guide subsequent site building. This is a preparatory write operation that creates new metadata/documentation without executing infrastructure changes, deploying code, or modifying existing sites. The severity is low because a design brief is reversible, non-destructive, and poses minimal risk even if misused—it's an informational artifact.
From the tool's definition Tool description states it 'Create[s] a structured design brief' and returns data for use in site building workflows. This is creating/documenting structured data (a design brief) rather than modifying existing systems or executing operations.
Documented attack patterns abuse exactly the kind of access wpdev_site_design_brief gives an agent:
PolicyLayer is an MCP gateway — it sits between your AI agents and WordPress Developer MCP Server, and nothing reaches the server without passing your rules. This is the rule we recommend for wpdev_site_design_brief:
{
"version": "1",
"default": "deny",
"tools": {
"wpdev_site_design_brief": {
"limits": [
{
"counter": "wpdev_site_design_brief_rate",
"window": "minute",
"max": 30,
"scope": "grant"
}
]
}
}
}wpdev_site_design_brief stays usable, but capped — an agent stuck in a loop can't make hundreds of changes a minute. Everything else on the server is denied unless you say otherwise.
Free to start. No card required.
Create a structured design brief before building or redesigning a WordPress site. If the request is underspecified, this returns one scope question: empty site to iterate on later, or designed site now. Call this before wpdev_site_create for designed site builds unless the user only wants an empty test site. Use the returned referencePatterns for inspiration, but do not copy real websites. Follow the buildWorkflow and qualityBar while building. It is categorised as a Write tool in the WordPress Developer MCP Server MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the WordPress Developer MCP Server MCP server in PolicyLayer and add a rule for wpdev_site_design_brief: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches WordPress Developer MCP Server. Nothing to install.
wpdev_site_design_brief is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the wpdev_site_design_brief rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for wpdev_site_design_brief. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
wpdev_site_design_brief is provided by the WordPress Developer MCP Server MCP server (nightnei/wordpress-developer-mcp-server). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 25 WordPress Developer MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
25 WordPress Developer MCP Server tools catalogued and risk-classified — across an index of 42,500+ MCP servers.