Audit history

validate-requirements - 6 audits

Audit version 6

Most recent · Low risk

Jun 28, 2026, 04:32 AM

Static analysis reported command execution and weak cryptography, but the cited lines are Markdown fences, prose, and JSON examples. No shell execution, network access, secret handling, or cryptographic code is present. The skill does instruct the assistant to read saved project standards, so publication is acceptable with a low filesystem-access note.

Files scanned: 1
Lines analyzed: 134
Review items: 2
False positives ignored: 2

Confirmed security concerns (1)

Low
Bounded Project Standards File Access
The skill tells the assistant to load saved standards and references standards.json through a repository interface. This is legitimate for its purpose, but it relies on reading local project configuration.
The instructions clearly require reading saved project standards. The scope is narrow and local, so the risk is low rather than suspicious.
Static false positives ignored (2)

These static matches were dismissed by semantic review or matched schema-only tokens, so they are shown for transparency but do not drive the quality score.

Low
False Positive: Markdown Fences Reported as Command Execution
The reported Ruby or shell backtick locations are fenced JavaScript and JSON examples, plus nearby Markdown text. They do not instruct the assistant to run shell commands and contain no user-controlled command construction.
The cited content is visible Markdown code fencing or reference text, not executable Ruby or shell syntax. No command names, shell metacharacter construction, or execution instruction is present.
Low
False Positive: Weak Cryptography Detected in Plain Text
The weak cryptography alerts appear to match prose such as description or Describe, not cryptographic algorithms or APIs. No encryption, hashing, or credential-protection logic appears in the skill.
The flagged lines are natural-language requirements guidance and output examples. I found no evidence of DES, MD5, SHA1, or other weak cryptographic implementation.
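The two dismissed findings above describe a common static-scanner failure mode: substring matching that fires on prose ("des" inside "Describe" or "description") and bare-backtick matching that fires on Markdown fences and inline code. The Python below is an added illustration, not the registry's scanner and not the skill's own code. It runs a naive rule set and a tightened one (word boundaries on algorithm names, fenced blocks skipped, a backtick span counted only when it starts with a command name or contains shell metacharacters) over a constructed Markdown sample in the shape the audit describes. The rule names, the command list and the sample text are assumptions made for the example.

```python
import re

# Constructed Markdown sample of the kind the audit describes (not the real skill).
# The fence marker is built at runtime so this listing is not cut short by it.
FENCE = "`" * 3
SAMPLE_SKILL_MD = "\n".join([
    "# validate-requirements",
    "",
    "Describe each requirement with a short description.",
    "",
    FENCE + "json",
    '{ "id": "REQ-1", "description": "User can log in" }',
    FENCE,
    "",
    "Load the saved standards from `standards.json` before validating.",
    "Never store secrets hashed with MD5.",
    "Run `bash scripts/setup.sh` once before the first validation.",
])

# Naive rules (assumed, for illustration): any backtick is "command execution",
# and a bare substring match stands in for "weak cryptography".
NAIVE_RULES = {
    "command_execution": re.compile(r"`"),
    "weak_crypto": re.compile(r"des|md5|sha1|rc4", re.IGNORECASE),
}

# Tightened rules: a backtick span only counts when it starts with a command
# name or contains shell metacharacters; algorithm names need word boundaries,
# so "Describe" and "description" no longer match "des".
SHELL_COMMANDS = r"(?:sh|bash|curl|wget|rm|chmod|python|node|eval)"
STRICT_RULES = {
    "command_execution": re.compile(
        rf"`\s*(?:{SHELL_COMMANDS}\b[^`]*|[^`]*(?:\$\(|&&|\|\||;)[^`]*)`"
    ),
    "weak_crypto": re.compile(r"\b(?:des|3des|md5|sha-?1|rc4)\b", re.IGNORECASE),
}


def strip_fences(text):
    """Return (line_number, line) pairs that lie outside triple-backtick fenced blocks."""
    kept, in_fence = [], False
    for number, line in enumerate(text.splitlines(), 1):
        if line.strip().startswith(FENCE):
            in_fence = not in_fence      # opening or closing fence line
            continue
        if not in_fence:
            kept.append((number, line))
    return kept


def scan(text, rules, skip_fences=False):
    """Run each rule over every line (unfenced only, if requested); return (rule, line_no, match)."""
    lines = strip_fences(text) if skip_fences else list(enumerate(text.splitlines(), 1))
    hits = []
    for number, line in lines:
        for name, pattern in rules.items():
            match = pattern.search(line)
            if match:
                hits.append((name, number, match.group(0)))
    return hits


def triage(text):
    """Compare the naive and tightened rule sets on the same document."""
    naive = scan(text, NAIVE_RULES)
    strict = scan(text, STRICT_RULES, skip_fences=True)
    return {
        "naive": naive,
        "strict": strict,
        "false_positives_removed": len(naive) - len(strict),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_SKILL_MD)
    for name, number, snippet in result["naive"]:
        print(f"naive  line {number:2d} {name:18s} {snippet!r}")
    for name, number, snippet in result["strict"]:
        print(f"strict line {number:2d} {name:18s} {snippet!r}")
    print("false positives removed:", result["false_positives_removed"])
```

On the sample, the naive rules report seven findings, five of which are the fence lines, the inline `standards.json` reference and the two "des" substrings; the tightened rules keep only the MD5 mention and the backticked `bash` invocation, which are the two lines a reviewer would actually want to look at.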

Risk factors

Filesystem access (4)
Audited by: codex

Audit version 5

Safe

Jan 16, 2026, 02:58 PM

Pure documentation skill with no executable code. Contains only markdown documentation defining how an AI should validate user input requirements. All 26 static findings are false positives: markdown code fences were misidentified as shell backticks, variable names with 'Rules' were flagged as crypto algorithms, and the GitHub source URL was flagged as hardcoded network address. Previous audit correctly classified this as safe with no dangerous patterns.

Files scanned: 2
Lines analyzed: 314
Review items: 1
False positives ignored: 0
Audited by: claude

Audit version 4

Safe

Jan 16, 2026, 02:58 PM

Pure documentation skill with no executable code. Contains only markdown documentation defining how an AI should validate user input requirements. All 26 static findings are false positives: markdown code fences were misidentified as shell backticks, variable names with 'Rules' were flagged as crypto algorithms, and the GitHub source URL was flagged as hardcoded network address. Previous audit correctly classified this as safe with no dangerous patterns.

Files scanned: 2
Lines analyzed: 314
Review items: 1
False positives ignored: 0
Audited by: claude

Audit version 3

Safe

Jan 10, 2026, 10:08 AM

Pure documentation skill with no executable code. Contains only markdown documentation defining how an AI should validate user input requirements. No network calls, no command execution, no sensitive data access beyond intended scope.

Files scanned: 1
Lines analyzed: 134
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude

Audit version 2

Safe

Jan 10, 2026, 10:08 AM

Pure documentation skill with no executable code. Contains only markdown documentation defining how an AI should validate user input requirements. No network calls, no command execution, no sensitive data access beyond intended scope.

Files scanned: 1
Lines analyzed: 134
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude

Audit version 1

Safe

Jan 10, 2026, 10:08 AM

Pure documentation skill with no executable code. Contains only markdown documentation defining how an AI should validate user input requirements. No network calls, no command execution, no sensitive data access beyond intended scope.

Files scanned: 1
Lines analyzed: 134
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude