
Audit History

backlink-analyzer - 2 Audits

Audit Version 2

Latest | Low Risk

Jun 27, 2026, 06:48 PM

Static analysis reported many high-risk patterns, but review found them in Markdown examples, SEO terminology, example URLs, and relative documentation links. No executable scripts, hidden network requests, credential access, data exfiltration, or prompt injection attempts were found in the reviewed files.

Files scanned: 3
Lines analyzed: 1,468
Review items: 7
False positives ignored: 0

Capability review items (4)

These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.

Low
Markdown Examples Misclassified as Shell Execution
The external command alerts are Markdown code fences and output templates. They show user prompts and report formats, not executable shell commands or Ruby backticks.
The flagged ranges are fenced Markdown examples and plain text templates. No script file, command runner, or user-input command construction is present.
Low
Example URLs Misclassified as Network Activity
The hardcoded URLs are examples in backlink and disavow documentation. They are not used by code to fetch, post, or transmit data.
The URLs appear inside explanatory Markdown and a sample disavow file. No network API, connector call, or automatic request logic surrounds them.
Low
Relative Reference Links Misclassified as Path Traversal
The path traversal alerts are relative Markdown links to connector documentation and related skills. They do not read files or access arbitrary paths.
The affected lines are documentation hyperlinks. There is no file-system API, path concatenation, or user-controlled file access.
Reviewed by: codex

Audit Version 1

Safe

Feb 12, 2026, 08:56 AM

Static analysis detected 78 potential security issues across 3 files (1468 lines). After comprehensive evaluation, all findings are confirmed false positives. The detected patterns are markdown code blocks showing example commands, documentation URLs, SEO metric abbreviations (DR/DA), and relative file path references in documentation. This is a legitimate SEO analysis skill with no executable code, making it safe for marketplace publication.

Files scanned: 3
Lines analyzed: 1,468
Review items: 6
False positives ignored: 0

Capability review items (3)

These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.

Low
Markdown Code Blocks Flagged as External Commands
Static scanner flagged 32 instances of Ruby/shell backtick execution patterns. These are markdown code block delimiters (```) used for formatting documentation examples, not actual code execution. Found in SKILL.md and reference documentation showing bash command examples and email templates.
Clear evidence that backticks are markdown code block delimiters surrounding documentation examples, not executable code
Low
Documentation URLs Flagged as Network Calls
Static scanner flagged 3 instances of hardcoded URLs as network security risks. These are example URLs in markdown documentation (e.g., spam-site.com in disavow file examples) and relative file path references, not actual network requests.
URLs appear in markdown documentation as examples within code blocks, not as executable network calls
Low
Relative File Paths Flagged as Path Traversal
Static scanner flagged 12 instances of path traversal sequences (../). These are relative file path references in markdown documentation linking to other skill files (e.g., ../../CONNECTORS.md), not malicious path traversal attacks.
Parent directory references are standard markdown link syntax for documentation navigation, not exploit attempts
Reviewed by: claude