Audit history
churn-prevention - 2 audits
Audit version 2
Latest - Low risk - Jun 29, 2026, 02:07 AM
Static analysis reported weak cryptography, command execution, and path traversal patterns. Manual review found the weak cryptography and command execution alerts are false positives caused by Markdown examples, code-formatted labels, and business terms; no executable scripts, network calls, or prompt injection evidence were found. A low filesystem concern remains because the skill asks agents to read local marketing context and links to documentation outside the skill directory.
Low-risk issues (4)
Risk factors
📁 Filesystem access (3)
Audit version 1
Safe - Mar 18, 2026, 08:23 AM
All static analysis findings are false positives. The skill consists of markdown documentation (SKILL.md, references/*.md) and JSON test cases (evals/evals.json) with no executable code. Pattern matches for 'weak cryptographic algorithm', 'shell backtick execution', 'path traversal', and 'reconnaissance' occur in documentation examples and test assertion text, not in runnable code. The skill provides legitimate SaaS retention guidance including cancel flow design, dunning email sequences, and payment recovery strategies.