Fähigkeiten tests-maintenance Audit-Verlauf
🧪

Audit-Verlauf

tests-maintenance - 4 Audits

Audit-Version 4

Neueste Sicher

Jan 17, 2026, 06:41 AM

This is a legitimate test maintenance skill from JetBrains for the IdeaVim project. All 74 static findings are false positives: SHA-256 hash identifiers in metadata were misidentified as cryptographic algorithms, markdown code blocks and documentation tables were misidentified as shell execution, and standard dev commands were misidentified as reconnaissance. The skill only provides guidance for test quality review and does not execute code automatically.

2
Gescannte Dateien
447
Analysierte Zeilen
2
befunde
claude
Auditiert von
Keine Sicherheitsprobleme gefunden

Risikofaktoren

⚙️ Externe Befehle (1)
SKILL.md:27-36
📁 Dateisystemzugriff (1)
SKILL.md:32-35

Audit-Version 3

Sicher

Jan 17, 2026, 06:41 AM

This is a legitimate test maintenance skill from JetBrains for the IdeaVim project. All 74 static findings are false positives: SHA-256 hash identifiers in metadata were misidentified as cryptographic algorithms, markdown code blocks and documentation tables were misidentified as shell execution, and standard dev commands were misidentified as reconnaissance. The skill only provides guidance for test quality review and does not execute code automatically.

2
Gescannte Dateien
447
Analysierte Zeilen
2
befunde
claude
Auditiert von
Keine Sicherheitsprobleme gefunden

Risikofaktoren

⚙️ Externe Befehle (1)
SKILL.md:27-36
📁 Dateisystemzugriff (1)
SKILL.md:32-35

Audit-Version 2

Niedriges Risiko

Jan 5, 2026, 03:46 PM

This is a prompt-based test maintenance skill from JetBrains. It provides guidance for reviewing test quality but does not execute code automatically. The skill references shell commands for test discovery and gradle for test execution, matching its documented purpose of test maintenance.

3
Gescannte Dateien
236
Analysierte Zeilen
3
befunde
claude
Auditiert von
Probleme mit niedrigem Risiko (1)
SKILL.md:27-186
Shell command references in skill prompt
The skill references shell commands (find, grep, shuf) and gradle commands for test discovery and execution. While these are standard development tools appropriate for a test maintenance skill, shell command execution carries inherent risk if commands are dynamically constructed. In this case, commands are hardcoded patterns in the prompt instructions.

Risikofaktoren

⚙️ Externe Befehle (6)
SKILL.md:27-36 SKILL.md:44-47 SKILL.md:50 SKILL.md:59-65 SKILL.md:105-107 SKILL.md:174-186
📁 Dateisystemzugriff (4)
SKILL.md:32-35 SKILL.md:46-47 SKILL.md:61-65 SKILL.md:106-107

Audit-Version 1

Niedriges Risiko

Jan 5, 2026, 03:46 PM

This is a prompt-based test maintenance skill from JetBrains. It provides guidance for reviewing test quality but does not execute code automatically. The skill references shell commands for test discovery and gradle for test execution, matching its documented purpose of test maintenance.

3
Gescannte Dateien
236
Analysierte Zeilen
3
befunde
claude
Auditiert von
Probleme mit niedrigem Risiko (1)
SKILL.md:27-186
Shell command references in skill prompt
The skill references shell commands (find, grep, shuf) and gradle commands for test discovery and execution. While these are standard development tools appropriate for a test maintenance skill, shell command execution carries inherent risk if commands are dynamically constructed. In this case, commands are hardcoded patterns in the prompt instructions.

Risikofaktoren

⚙️ Externe Befehle (6)
SKILL.md:27-36 SKILL.md:44-47 SKILL.md:50 SKILL.md:59-65 SKILL.md:105-107 SKILL.md:174-186
📁 Dateisystemzugriff (4)
SKILL.md:32-35 SKILL.md:46-47 SKILL.md:61-65 SKILL.md:106-107
← Zurück zum Skill