
Audit history

css-development-refactor - 5 audits

Audit version 5

Latest, Low risk

Jun 27, 2026, 04:32 PM

Static analysis reported many command, filesystem, weak-crypto, and network-reconnaissance patterns, but review found these are Markdown examples and normal CSS refactoring instructions. No malicious intent, exfiltration, prompt injection, or executable bundled script was found in SKILL.md.

Files scanned: 1
Lines analyzed: 416
Review items: 2
False positives ignored: 4
Static false positives ignored (4)

These static matches were dismissed by semantic review or matched schema-only tokens, so they are shown for transparency but do not drive the quality score.

Low
External Command Guidance Is Benign
The reported command patterns are Markdown examples that recommend searching with grep and running npm test during CSS refactoring. These are expected developer actions and do not include shell interpolation, hidden downloads, persistence, or exfiltration.
The lines are fenced Markdown examples or explicit test commands. The context shows ordinary project-local validation, not dynamic command execution or attacker-controlled input.
Low
Filesystem Access Is Expected For Refactoring
The skill instructs the agent to read component and CSS files, edit markup, and add tests. This is necessary for a CSS refactoring workflow and no sensitive file targets or broad destructive operations are requested.
The file operations are limited to project CSS, components, and tests. There is no evidence of credential access, deletion, or unauthorized file collection.
Low
Weak Cryptography Matches Are Textual False Positives
The reported weak-cryptography locations occur in descriptive prose about CSS styles and documentation. No cryptographic API, hash function, encryption routine, or security-sensitive algorithm appears in the skill.
The matched lines discuss CSS refactoring and documentation content. The file contains no code invoking DES, MD5, SHA1, or any cryptographic primitive.
Low
Network Reconnaissance Matches Are Textual False Positives
The network-reconnaissance alerts map to normal prose and CSS documentation examples, not network tooling. No instruction asks the agent to scan hosts, open sockets, enumerate services, or contact external endpoints.
The context around the lines concerns creating CSS classes and summarizing maintainability. No network commands or external targets are present.

Risk factors

⚙️ External commands (3)
📁 Filesystem access (2)

Detected patterns

Project-Local Shell Commands In Documentation
Audited by: codex

Audit version 4

Safe

Jan 21, 2026, 03:47 PM

This skill is a pure documentation resource for CSS refactoring workflows. All 71 static findings are false positives from markdown syntax being misinterpreted as executable code. The skill contains no actual scripts, network calls, or file operations, only examples in documentation blocks.

Files scanned: 2
Lines analyzed: 1,192
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude

Audit version 3

Medium risk, Audit incomplete

Jan 16, 2026, 01:20 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Manual review required

This audit did not complete successfully. The quality score is capped until a successful audit is available.

Files scanned: 2
Lines analyzed: 593
Review items: 3
False positives ignored: 0

Detected patterns

Weak cryptographic algorithm
Ruby/shell backtick execution
Synchronous file operations
Network reconnaissance
Audited by: claude

Audit version 2

Medium risk, Audit incomplete

Jan 16, 2026, 01:20 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Manual review required

This audit did not complete successfully. The quality score is capped until a successful audit is available.

Files scanned: 2
Lines analyzed: 593
Review items: 3
False positives ignored: 0

Detected patterns

Weak cryptographic algorithm
Ruby/shell backtick execution
Synchronous file operations
Network reconnaissance
Audited by: claude

Audit version 1

Safe

Jan 10, 2026, 09:15 AM

Pure prompt-based skill with no executable code. Provides guidance for AI assistants to help refactor CSS. No network calls, file modifications, or external command execution capabilities are built into the skill itself.

Files scanned: 1
Lines analyzed: 416
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude