Skills test-orchestrator Audit-Verlauf
📦

Audit-Verlauf

test-orchestrator - 6 Audits

Audit-Version 6

Neueste Niedriges Risiko

Jun 28, 2026, 05:50 PM

The static analyzer flagged Markdown backticks, ordinary documentation text, and example code as risky patterns. Manual review found no executable skill code, no command execution instruction, no weak cryptographic implementation, and no prompt injection attempt.

1
Gescannte Dateien
273
Analysierte Zeilen
3
befunde
codex
Geprüft von
Probleme mit niedrigem Risiko (3)
SKILL.md:32SKILL.md:38SKILL.md:43SKILL.md:44SKILL.md:45SKILL.md:46SKILL.md:47SKILL.md:50SKILL.md:64SKILL.md:169SKILL.md:176SKILL.md:179SKILL.md:191SKILL.md:196SKILL.md:204SKILL.md:207SKILL.md:216SKILL.md:245SKILL.md:253SKILL.md:256
False Positive: Markdown Backticks Flagged as Shell Execution
The flagged locations are Markdown fences, inline skill names, directory tree text, or non-executed examples. No evidence found that the skill executes shell commands or directs command execution.
SKILL.md:3SKILL.md:131
False Positive: Weak Cryptography Pattern
The flagged lines contain the skill description and a test quality checklist item. No evidence found of cryptographic algorithms, hashing APIs, password handling, or encryption logic.
SKILL.md:266
False Positive: System Reconnaissance Pattern
The flagged line is a documentation heading for testing anti-patterns. No evidence found of host inspection, user enumeration, environment probing, or system information collection.

Audit-Version 5

Sicher

Jan 16, 2026, 07:48 PM

This is a pure prompt-based skill defined entirely in SKILL.md. No executable code, scripts, network calls, or filesystem access beyond its own documentation. The skill defines testing coordination patterns and quality standards only. All 12 high-risk 'weak cryptographic algorithm' findings and 20 medium-risk 'external commands' findings are false positives - the scanner misidentified documentation strings and markdown formatting as security issues.

2
Gescannte Dateien
466
Analysierte Zeilen
1
befunde
claude
Geprüft von
Keine Sicherheitsprobleme gefunden

Risikofaktoren

⚙️ Externe Befehle (20)
SKILL.md:32-38 SKILL.md:38-43 SKILL.md:43-44 SKILL.md:44-45 SKILL.md:45-46 SKILL.md:46-47 SKILL.md:47-50 SKILL.md:50-64 SKILL.md:64-169 SKILL.md:169-176 SKILL.md:176-179 SKILL.md:179-191 SKILL.md:191-196 SKILL.md:196-204 SKILL.md:204-207 SKILL.md:207-216 SKILL.md:216-245 SKILL.md:245-253 SKILL.md:253-256 SKILL.md:256-264

Audit-Version 4

Sicher

Jan 16, 2026, 07:48 PM

This is a pure prompt-based skill defined entirely in SKILL.md. No executable code, scripts, network calls, or filesystem access beyond its own documentation. The skill defines testing coordination patterns and quality standards only. All 12 high-risk 'weak cryptographic algorithm' findings and 20 medium-risk 'external commands' findings are false positives - the scanner misidentified documentation strings and markdown formatting as security issues.

2
Gescannte Dateien
466
Analysierte Zeilen
1
befunde
claude
Geprüft von
Keine Sicherheitsprobleme gefunden

Risikofaktoren

⚙️ Externe Befehle (20)
SKILL.md:32-38 SKILL.md:38-43 SKILL.md:43-44 SKILL.md:44-45 SKILL.md:45-46 SKILL.md:46-47 SKILL.md:47-50 SKILL.md:50-64 SKILL.md:64-169 SKILL.md:169-176 SKILL.md:176-179 SKILL.md:179-191 SKILL.md:191-196 SKILL.md:196-204 SKILL.md:204-207 SKILL.md:207-216 SKILL.md:216-245 SKILL.md:245-253 SKILL.md:253-256 SKILL.md:256-264

Audit-Version 3

Sicher

Jan 10, 2026, 11:37 AM

This is a pure prompt-based skill defined entirely in SKILL.md. No executable code, scripts, network calls, or filesystem access beyond its own documentation. The skill defines testing coordination patterns and quality standards only.

1
Gescannte Dateien
273
Analysierte Zeilen
0
befunde
claude
Geprüft von
Keine Sicherheitsprobleme gefunden

Audit-Version 2

Sicher

Jan 10, 2026, 11:37 AM

This is a pure prompt-based skill defined entirely in SKILL.md. No executable code, scripts, network calls, or filesystem access beyond its own documentation. The skill defines testing coordination patterns and quality standards only.

1
Gescannte Dateien
273
Analysierte Zeilen
0
befunde
claude
Geprüft von
Keine Sicherheitsprobleme gefunden

Audit-Version 1

Sicher

Jan 10, 2026, 11:37 AM

This is a pure prompt-based skill defined entirely in SKILL.md. No executable code, scripts, network calls, or filesystem access beyond its own documentation. The skill defines testing coordination patterns and quality standards only.

1
Gescannte Dateien
273
Analysierte Zeilen
0
befunde
claude
Geprüft von
Keine Sicherheitsprobleme gefunden
← Zurück zum Skill