Audit history

css-development-validate - 4 audits

Audit version 4

Most recent, Low risk

Jun 27, 2026, 04:34 PM

Static analysis reported command execution, weak cryptography, and network reconnaissance patterns, but review found these are Markdown backticks, prose, and CSS example snippets. No executable scripts, network behavior, prompt injection, credential access, or malicious intent were found in SKILL.md. The skill is safe to publish with a low risk note for false-positive static detections.

Files scanned: 1
Lines analyzed: 357
Review items: 0
False positives ignored: 3
Static false positives ignored (3)

These static matches were dismissed by semantic review or matched schema-only tokens, so they are shown for transparency but do not drive the quality score.

Low
False positive: Markdown backticks flagged as command execution
The external command detections are Markdown inline code spans and fenced examples in SKILL.md. They describe CSS review steps and sample CSS, HTML, TypeScript, and Markdown output rather than Ruby backtick execution or shell command execution.
The flagged syntax appears inside Markdown formatting and example blocks only. I found no executable script, command string construction, or instruction to run external commands.
Low
False positive: Prose flagged as weak cryptography
The weak cryptographic algorithm detections occur in ordinary descriptive text and class naming examples. No evidence found of cryptographic functions, password handling, hashing calls, MD5, DES, SHA1, or encryption code.
The semantic context is CSS review documentation, not security-sensitive code. The static matches appear to come from substrings in words such as description or examples.
Low
False positive: CSS review text flagged as network reconnaissance
The network reconnaissance detections are inside a sample HTML button and prose about repeated style patterns. No evidence found of network scanning, host discovery, sockets, HTTP requests, or data exfiltration behavior.
The referenced lines contain CSS validation examples, not networking APIs or reconnaissance tooling. The surrounding workflow remains limited to reading and reviewing project CSS files.
No security issues found
Audited by: codex

Audit version 3

Safe

Jan 16, 2026, 01:23 PM

Pure documentation skill with no executable code. All 'external_commands' detections are markdown code examples showing CSS patterns, not actual shell commands. The skill only reads CSS files for validation as designed. No network, filesystem write, or command execution capabilities exist. Static scanner misidentified documentation examples as executable patterns.

Files scanned: 2
Lines analyzed: 547
Review items: 1
False positives ignored: 0

Risk factors

📁 Filesystem access (1)
Audited by: claude

Audit version 2

Safe

Jan 16, 2026, 01:23 PM

Pure documentation skill with no executable code. All 'external_commands' detections are markdown code examples showing CSS patterns, not actual shell commands. The skill only reads CSS files for validation as designed. No network, filesystem write, or command execution capabilities exist. Static scanner misidentified documentation examples as executable patterns.

Files scanned: 2
Lines analyzed: 547
Review items: 1
False positives ignored: 0

Risk factors

📁 Filesystem access (1)
Audited by: claude

Audit version 1

Safe

Jan 10, 2026, 09:16 AM

Pure prompt-based skill with no code execution capabilities. Only reads CSS files for validation as stated in its purpose. No network, filesystem write, or command execution capabilities.

Files scanned: 1
Lines analyzed: 357
Review items: 1
False positives ignored: 0

Risk factors

📁 Filesystem access (1)
Audited by: claude