
Audit history

generate-output - 6 audits

Audit version 6

Latest, Safe

Jun 28, 2026, 04:19 AM

Static analysis reported external command, weak cryptography, and system reconnaissance patterns in SKILL.md. Manual review found these are false positives caused by Markdown code fences, template placeholders, and normal instructional text; no executable shell commands, cryptographic operations, reconnaissance behavior, data exfiltration, or prompt injection attempts were found.

Files scanned: 1
Lines analyzed: 152
Review items: 3
False positives ignored: 0

Confirmed security concerns (3)

Low
False Positive: Markdown Fences Reported as External Commands
The reported Ruby or shell backtick execution locations are Markdown code fences and example formatting. They do not invoke a shell, interpolate user input, or run commands.
The cited lines are Markdown documentation and a fenced output template. I found no executable command call or command injection path in this file.
Low
False Positive: Weak Cryptography Pattern in Prose
The reported weak cryptography locations contain ordinary description text, test guidance, output placeholder text, success criteria, and an example heading. They do not contain cryptographic algorithms or API calls.
Manual review of every cited line found no MD5, SHA1, DES, RC4, or similar weak cryptographic usage. The signal appears to be text matching inside normal Markdown content.
Low
False Positive: System Reconnaissance Pattern in Guidance
The reported reconnaissance location tells the assistant to use anti-pattern guidance when uncertain. It does not request host enumeration, environment inspection, network discovery, or system metadata collection.
The cited line is a process note about avoiding user-defined anti-patterns. I found no evidence of system reconnaissance intent or behavior.
Audited by: codex

Audit version 5

Safe

Jan 16, 2026, 02:49 PM

This is a pure prompt-based documentation skill with no executable code. All static findings are false positives triggered by documentation text and JSON metadata. The skill contains only markdown documentation describing a workflow for generating deliverables based on user standards.

Files scanned: 2
Lines analyzed: 327
Review items: 1
False positives ignored: 0

Risk factors

Audited by: claude

Audit version 4

Safe

Jan 16, 2026, 02:49 PM

This is a pure prompt-based documentation skill with no executable code. All static findings are false positives triggered by documentation text and JSON metadata. The skill contains only markdown documentation describing a workflow for generating deliverables based on user standards.

Files scanned: 2
Lines analyzed: 327
Review items: 1
False positives ignored: 0

Risk factors

Audited by: claude

Audit version 3

Safe

Jan 10, 2026, 10:02 AM

Pure prompt-based skill with no code execution capabilities. Contains only documentation describing a workflow for generating deliverables. No filesystem access, network calls, environment variables, or external commands.

Files scanned: 1
Lines analyzed: 152
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude

Audit version 2

Safe

Jan 10, 2026, 10:02 AM

Pure prompt-based skill with no code execution capabilities. Contains only documentation describing a workflow for generating deliverables. No filesystem access, network calls, environment variables, or external commands.

Files scanned: 1
Lines analyzed: 152
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude

Audit version 1

Safe

Jan 10, 2026, 10:02 AM

Pure prompt-based skill with no code execution capabilities. Contains only documentation describing a workflow for generating deliverables. No filesystem access, network calls, environment variables, or external commands.

Files scanned: 1
Lines analyzed: 152
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude