Audit history

allra-test-writing - 6 audits

Audit version 6

Latest, Low risk

Jun 28, 2026, 08:13 AM

Static analysis reported many external command and blocker patterns, but review found they are markdown backticks, Java examples, and test documentation. No prompt injection, credential access, network exfiltration, or malicious behavior was found. The skill includes benign Gradle and Maven test command examples, so external command risk is retained as a low-risk publication warning.

Files scanned: 1
Lines analyzed: 781
Findings: 5
Audited by: codex

Low-risk issues (4)
Markdown Backticks Misclassified as Shell Execution
The Ruby or shell backtick alerts point to markdown inline code, markdown code fences, and Java test examples. They do not execute commands or define executable Ruby code.
Weak Cryptography Alert Is a Metadata False Positive
The weak cryptographic algorithm alert points to the frontmatter description. No cryptographic algorithm, hashing function, or security implementation is present at that location.
System Reconnaissance Alerts Are Java Test Method Names
The reconnaissance alerts match words inside Java test examples, such as test method names and repository calls. No commands collect host, user, network, or environment information.
Benign Local Test Command Examples
The skill documents Gradle and Maven test commands for local project validation. These are normal developer workflows, but running project wrappers can execute local project code, so users should use trusted repositories.

Risk factors

⚙️ External commands (2)

Audit version 5

Safe

Jan 16, 2026, 03:22 PM

This is a pure documentation skill containing only markdown guidelines for Java/Spring Boot testing standards. The static analyzer flagged 105 'issues' but ALL findings are FALSE POSITIVES. The 'backtick execution' detections are markdown code block delimiters, not Ruby/shell commands. 'C2 keywords' and 'weak crypto' flags are triggered by metadata field names (content_hash, tree_hash) and Java variable names in test examples (execute, trigger, command). No executable code, scripts, or network calls exist. This skill only provides documentation for test writing patterns and is safe for publishing.

Files scanned: 2
Lines analyzed: 960
Findings: 1
Audited by: claude

No security issues found

Audit version 4

Safe

Jan 16, 2026, 03:22 PM

This is a pure documentation skill containing only markdown guidelines for Java/Spring Boot testing standards. The static analyzer flagged 105 'issues' but ALL findings are FALSE POSITIVES. The 'backtick execution' detections are markdown code block delimiters, not Ruby/shell commands. 'C2 keywords' and 'weak crypto' flags are triggered by metadata field names (content_hash, tree_hash) and Java variable names in test examples (execute, trigger, command). No executable code, scripts, or network calls exist. This skill only provides documentation for test writing patterns and is safe for publishing.

Files scanned: 2
Lines analyzed: 960
Findings: 1
Audited by: claude

No security issues found

Audit version 3

Safe

Jan 10, 2026, 10:19 AM

Pure documentation skill containing only markdown guidelines. No executable code, scripts, network calls, or file system access. Safe for publishing.

Files scanned: 1
Lines analyzed: 781
Findings: 0
Audited by: claude

No security issues found

Audit version 2

Safe

Jan 10, 2026, 10:19 AM

Pure documentation skill containing only markdown guidelines. No executable code, scripts, network calls, or file system access. Safe for publishing.

Files scanned: 1
Lines analyzed: 781
Findings: 0
Audited by: claude

No security issues found

Audit version 1

Safe

Jan 10, 2026, 10:19 AM

Pure documentation skill containing only markdown guidelines. No executable code, scripts, network calls, or file system access. Safe for publishing.

Files scanned: 1
Lines analyzed: 781
Findings: 0
Audited by: claude

No security issues found