
Audit history

roadmap-planning-expert - 7 Audits

Audit version 7

Latest, Safe

Jun 28, 2026, 08:57 AM

Static analysis reported external command and weak cryptography patterns, but review found these are false positives in Markdown guidance. The flagged lines contain code fences, inline file names, and slash-command documentation, with no executable scripts, network calls, prompt injection, or secret access found.

Files scanned: 1
Lines analyzed: 107
Review items: 2
False positives ignored: 0

Confirmed security concerns (2)

Low
False Positive: Markdown Command References
The external command detections point to a Markdown code fence, inline roadmap file paths, and documented slash commands. These lines describe how a planning skill should organize roadmap files and invoke related commands; they do not execute shell, Ruby, or system commands.
The flagged content is plain Markdown documentation with backticks and slash-command names. No executable code, interpreter directive, subprocess API, or user-controlled command construction appears in the reviewed file.
Low
False Positive: Weak Cryptography Pattern
The high-severity weak cryptography detection points to the YAML description line for roadmap and capacity planning. No hash, cipher, cryptographic API, key handling, or security-sensitive algorithm is present at that location.
Line 3 is descriptive metadata only. The semantic context confirms there is no cryptographic implementation or recommendation to use a weak algorithm.
Reviewed by: codex

Audit version 6

Safe

Jan 21, 2026, 03:52 PM

This is a documentation-only skill providing strategic planning guidance and methodology. All static findings are false positives from markdown code examples. No executable code, network calls, or file operations detected. Safe for publication.

Files scanned: 2
Lines analyzed: 449
Review items: 0
False positives ignored: 0
No security issues found
Reviewed by: claude

Audit version 5

Medium risk, Audit incomplete

Jan 16, 2026, 04:52 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Manual review required

This audit did not complete successfully. The quality score is capped until a successful audit is available.

Files scanned: 2
Lines analyzed: 284
Review items: 2
False positives ignored: 0

Detected patterns

Weak cryptographic algorithm
Ruby/shell backtick execution
Reviewed by: claude

Audit version 4

Medium risk, Audit incomplete

Jan 16, 2026, 04:52 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Manual review required

This audit did not complete successfully. The quality score is capped until a successful audit is available.

Files scanned: 2
Lines analyzed: 284
Review items: 2
False positives ignored: 0

Detected patterns

Weak cryptographic algorithm
Ruby/shell backtick execution
Reviewed by: claude

Audit version 3

Safe

Jan 10, 2026, 10:19 AM

This is a declarative SKILL.md training document containing only markdown-based expertise guidance. No executable code, scripts, network operations, or filesystem access beyond configuration. Pure prompt-based skill for training AI on strategic planning methodology.

Files scanned: 1
Lines analyzed: 107
Review items: 0
False positives ignored: 0
No security issues found
Reviewed by: claude

Audit version 2

Safe

Jan 10, 2026, 10:19 AM

This is a declarative SKILL.md training document containing only markdown-based expertise guidance. No executable code, scripts, network operations, or filesystem access beyond configuration. Pure prompt-based skill for training AI on strategic planning methodology.

Files scanned: 1
Lines analyzed: 107
Review items: 0
False positives ignored: 0
No security issues found
Reviewed by: claude

Audit version 1

Safe

Jan 10, 2026, 10:19 AM

This is a declarative SKILL.md training document containing only markdown-based expertise guidance. No executable code, scripts, network operations, or filesystem access beyond configuration. Pure prompt-based skill for training AI on strategic planning methodology.

Files scanned: 1
Lines analyzed: 107
Review items: 0
False positives ignored: 0
No security issues found
Reviewed by: claude