Habilidades cookoff Historial de auditorías
📦

Historial de auditorías

cookoff - 4 auditorías

Versión de auditoría 4

Más reciente Riesgo medio

Jun 27, 2026, 04:24 PM

The static analyzer reported many command, filesystem, weak cryptography, and reconnaissance patterns. Review found no executable malware, cryptographic code, prompt injection, or data exfiltration; most high-risk alerts are false positives from prose and examples. The remaining risk is legitimate but material because the skill instructs agents to create worktrees, run shell commands, write files, and remove git branches.

1
Archivos escaneados
396
Líneas analizadas
4
Review items
2
False positives ignored

Confirmed security concerns (2)

Medio
Shell Command Workflow Requires User Oversight
The skill gives agents shell command examples for git worktrees, directory creation, recursive diffs, worktree removal, and branch deletion. These commands are part of the stated development workflow, but they can modify or delete local repository state if used incorrectly.
The cited lines contain explicit local shell command examples. The commands are legitimate for a coding workflow, but the branch deletion and worktree cleanup commands have real repository impact.
Medio
Filesystem Writes in Generated Planning Areas
The skill instructs agents to work inside per-implementation worktrees and save plans and results under docs/plans. This is expected behavior, but it grants the workflow broad local file modification capability.
The instructions explicitly name worktree directories and output file locations. This is semantically aligned with the skill purpose, but it still modifies user files.
Static false positives ignored (2)

These static matches were dismissed by semantic review or matched schema-only tokens, so they are shown for transparency but do not drive the quality score.

Bajo
Weak Cryptography Alerts Are False Positives
The cited high-risk static alerts do not correspond to cryptographic APIs, weak hashes, ciphers, password handling, or encoded payloads. The lines are skill metadata, workflow prose, and implementation examples.
Manual review found no cryptographic implementation or credential flow in the cited context. The static hits appear keyword-driven.
Bajo
Reconnaissance Alerts Are False Positives
The reported reconnaissance locations describe test status and result rationale, not network scanning, host discovery, port probing, or system inventory collection.
The cited lines contain normal review and reporting language. No network or system reconnaissance command is present there.

Factores de riesgo

Patrones detectados

Destructive Git Cleanup Commands
Auditado por: codex

Versión de auditoría 3

Seguro

Jan 16, 2026, 01:07 PM

Pure prompt-based orchestrator skill containing only documentation and workflow guidance. No executable code, no network operations, no filesystem access, no environment variable access. All 143 static findings are false positives triggered by documentation patterns in markdown code blocks.

2
Archivos escaneados
574
Líneas analizadas
2
Review items
0
False positives ignored
Auditado por: claude

Versión de auditoría 2

Seguro

Jan 16, 2026, 01:07 PM

Pure prompt-based orchestrator skill containing only documentation and workflow guidance. No executable code, no network operations, no filesystem access, no environment variable access. All 143 static findings are false positives triggered by documentation patterns in markdown code blocks.

2
Archivos escaneados
574
Líneas analizadas
2
Review items
0
False positives ignored
Auditado por: claude

Versión de auditoría 1

Seguro

Jan 10, 2026, 09:12 AM

Pure prompt-based orchestrator skill containing only documentation and workflow guidance. No executable code, no network operations, no filesystem access, no environment variable access.

1
Archivos escaneados
396
Líneas analizadas
0
Review items
0
False positives ignored
No se encontraron problemas de seguridad
Auditado por: claude