Habilidades angular-component Historial de auditorías
📦

Historial de auditorías

angular-component - 2 auditorías

Versión de auditoría 2

Más reciente Seguro

Jun 28, 2026, 08:10 AM

Static analysis reported many high and medium indicators, but review found they are false positives in Markdown documentation and TypeScript examples. The files do not define executable scripts, shell commands, credential access, data exfiltration, or prompt injection attempts, so the skill is safe to publish.

2
Archivos escaneados
648
Líneas analizadas
4
hallazgos
codex
Auditado por
Problemas de riesgo bajo (4)
references/component-patterns.md:13references/component-patterns.md:15-23references/component-patterns.md:31-46references/component-patterns.md:46-50references/component-patterns.md:50-52references/component-patterns.md:52-58references/component-patterns.md:58-63references/component-patterns.md:69-83references/component-patterns.md:83-89references/component-patterns.md:89-94references/component-patterns.md:108-136references/component-patterns.md:136-146references/component-patterns.md:146-150references/component-patterns.md:150-152references/component-patterns.md:152-158references/component-patterns.md:158-175references/component-patterns.md:175-181references/component-patterns.md:181-184references/component-patterns.md:184-197references/component-patterns.md:197-201references/component-patterns.md:201-205references/component-patterns.md:205-217references/component-patterns.md:217-224references/component-patterns.md:224-228references/component-patterns.md:228-249references/component-patterns.md:249-260references/component-patterns.md:260-264references/component-patterns.md:264-268references/component-patterns.md:268-270references/component-patterns.md:270-272references/component-patterns.md:282-287references/component-patterns.md:287-290references/component-patterns.md:290-291references/component-patterns.md:291-292references/component-patterns.md:292-293references/component-patterns.md:293-294references/component-patterns.md:294-295references/component-patterns.md:295-296references/component-patterns.md:296-298references/component-patterns.md:298-300references/component-patterns.md:306-311references/component-patterns.md:311-315references/component-patterns.md:315-329references/component-patterns.md:329-332references/component-patterns.md:332-336references/component-patterns.md:336-339references/component-patterns.md:348-358SKILL.md:8SKILL.md:12-23SKILL.md:29-30SKILL.md:33-47SKILL.md:47-56SKILL.md:56-60SKILL.md:60-76SKILL.md:76-80SKILL.md:80-97SKILL.md:97-101SKILL.md:101SKILL.md:101SKILL.md:101SKILL.md:101-103SKILL.md:103-126SKILL.md:126-141SKILL.md:141-145SKILL.md:145-148SKILL.md:158-168SKILL.md:168-172SKILL.md:172-190SKILL.md:190-201SKILL.md:201-213SKILL.md:213-224SKILL.md:224-228SKILL.md:228SKILL.md:228SKILL.md:228-230SKILL.md:230-253SKILL.md:253-257SKILL.md:257SKILL.md:257-259SKILL.md:259-267SKILL.md:267-271SKILL.md:271-273SKILL.md:273-278SKILL.md:281-286
External Command Detections Are Documentation False Positives
FALSE POSITIVE: The reported Ruby or shell backtick matches occur in Markdown code fences, Angular examples, and TypeScript template literals. They are instructional snippets, not commands executed by the skill.
SKILL.md:47
Hardcoded URL Is Example Component Data
FALSE POSITIVE: The URL at SKILL.md line 47 is an example avatar endpoint inside a computed Angular property. It does not perform a network request from the skill itself.
SKILL.md:3SKILL.md:173SKILL.md:175SKILL.md:188
Weak Cryptography Alerts Are Token Matches
FALSE POSITIVE: The weak-cryptography alerts match ordinary Angular wording such as change detection and OnDestroy lifecycle examples. No cryptographic API or hash algorithm is used.
SKILL.md:32references/component-patterns.md:244
System Reconnaissance Alerts Are Benign Examples
FALSE POSITIVE: The system reconnaissance alerts point to CSS/template and data-model examples, not host inspection commands. No file, process, network, or environment enumeration is present.

Versión de auditoría 1

Seguro

Feb 15, 2026, 08:42 AM

All static findings are false positives. The skill contains legitimate Angular v20+ component documentation with signal-based inputs, outputs, host bindings, content projection, and lifecycle hooks. The 91 flagged patterns are markdown code fences for TypeScript examples, not actual shell commands or security vulnerabilities.

2
Archivos escaneados
648
Líneas analizadas
4
hallazgos
claude
Auditado por
Problemas de riesgo bajo (4)
SKILL.md:8-286references/component-patterns.md:13-358
External Commands False Positive
Static analyzer flagged markdown backticks as shell command execution. These are code fences for TypeScript/HTML examples in documentation, not actual command execution.
SKILL.md:47
Hardcoded URL False Positive
Example URL in documentation flagged as hardcoded URL. This is a legitimate example domain for avatar URL construction.
SKILL.md:3-188
Weak Cryptographic Algorithm False Positive
Analyzer incorrectly flagged lifecycle method names and import statements as weak crypto algorithms.
SKILL.md:32references/component-patterns.md:244
System Reconnaissance False Positive
Analyzer incorrectly flagged Angular component patterns as system reconnaissance.
← Volver a Skill