Audit history
cookoff - 4 audits
Audit version 4
Most recent - Medium risk - Jun 27, 2026, 04:24 PM
The static analyzer reported many command, filesystem, weak cryptography, and reconnaissance patterns. Review found no executable malware, cryptographic code, prompt injection, or data exfiltration; most high-risk alerts are false positives from prose and examples. The remaining risk is legitimate but material because the skill instructs agents to create worktrees, run shell commands, write files, and remove git branches.
Confirmed security concerns (2)
Static false positives ignored (2)
These static matches were dismissed by semantic review or matched schema-only tokens, so they are shown for transparency but do not drive the quality score.
Risk factors
⚙️ External commands (4)
📁 Filesystem access (2)
Detected patterns
Audit version 3
Safe - Jan 16, 2026, 01:07 PM
Pure prompt-based orchestrator skill containing only documentation and workflow guidance. No executable code, no network operations, no filesystem access, no environment variable access. All 143 static findings are false positives triggered by documentation patterns in markdown code blocks.
Risk factors
⚙️ External commands (72)
📁 Filesystem access (1)
Audit version 2
Safe - Jan 16, 2026, 01:07 PM
Pure prompt-based orchestrator skill containing only documentation and workflow guidance. No executable code, no network operations, no filesystem access, no environment variable access. All 143 static findings are false positives triggered by documentation patterns in markdown code blocks.
Risk factors
⚙️ External commands (72)
📁 Filesystem access (1)
Audit version 1
Safe - Jan 10, 2026, 09:12 AM
Pure prompt-based orchestrator skill containing only documentation and workflow guidance. No executable code, no network operations, no filesystem access, no environment variable access.