
Audit history

code-review-playbook - 6 audits

Audit version 6

Latest, Medium risk

Jun 28, 2026, 09:42 AM

Static command, crypto, reconnaissance, and network flags were reviewed as Markdown examples, checklist labels, or documentation links rather than executable behavior. No malicious intent, prompt-injection text, credential exfiltration, or runnable command execution was found. The main concern is that copyable LLM review automation examples interpolate untrusted diffs and code into prompts without prompt-injection guidance.

Files scanned: 4
Lines analyzed: 1,983
Findings: 4
Audited by: codex
Medium-risk issues (1)
Untrusted Code Interpolated Into LLM Review Prompts
The skill includes copyable TypeScript examples that place PR diffs, codebase context, and source code directly inside LLM prompt strings. This is not executable by the skill itself, but users who adopt the pattern should add prompt-injection boundaries and treat reviewed code as untrusted input.
Low-risk issues (3)
Static Command Execution Flags Are Markdown Examples
The external command detections come from Markdown fences, inline code, and review instructions such as git checkout, npm audit, pip-audit, and TypeScript examples. No script file, runtime hook, or automatic command execution path was found.
Static Crypto and Reconnaissance Flags Are Review Vocabulary
The weak cryptography, system reconnaissance, and network reconnaissance detections are checklist and template language for reviewers. They describe what users should look for in reviewed code and do not implement crypto, scanning, or reconnaissance behavior.
Hardcoded URLs Are Documentation References
The network flags point to an Anthropic documentation link and a localhost testing placeholder. They do not send data to an external service and do not indicate exfiltration.

Audit version 5

Safe

Jan 16, 2026, 04:26 PM

This is a pure prompt-based documentation skill containing only code review checklists, templates, and best practices. No executable code, network calls, file system access beyond reading its own markdown files, or external command execution capabilities. All TypeScript code snippets are embedded examples for illustration purposes only.

Files scanned: 5
Lines analyzed: 2,191
Findings: 2
Audited by: claude
No security issues found

Risk factors

⚙️ External commands (109)
🌐 Network access (2)

Audit version 4

Safe

Jan 16, 2026, 04:26 PM

This is a pure prompt-based documentation skill containing only code review checklists, templates, and best practices. No executable code, network calls, file system access beyond reading its own markdown files, or external command execution capabilities. All TypeScript code snippets are embedded examples for illustration purposes only.

Files scanned: 5
Lines analyzed: 2,191
Findings: 2
Audited by: claude
No security issues found

Risk factors

⚙️ External commands (109)
🌐 Network access (2)

Audit version 3

Safe

Jan 10, 2026, 10:31 AM

This is a pure prompt-based documentation skill containing only code review checklists, templates, and best practices. No executable code, network calls, file system access beyond reading its own markdown files, or external command execution capabilities. All TypeScript code snippets are embedded examples for illustration purposes only.

Files scanned: 4
Lines analyzed: 1,983
Findings: 0
Audited by: claude
No security issues found

Audit version 2

Safe

Jan 10, 2026, 10:31 AM

This is a pure prompt-based documentation skill containing only code review checklists, templates, and best practices. No executable code, network calls, file system access beyond reading its own markdown files, or external command execution capabilities. All TypeScript code snippets are embedded examples for illustration purposes only.

Files scanned: 4
Lines analyzed: 1,983
Findings: 0
Audited by: claude
No security issues found

Audit version 1

Safe

Jan 10, 2026, 10:31 AM

This is a pure prompt-based documentation skill containing only code review checklists, templates, and best practices. No executable code, network calls, file system access beyond reading its own markdown files, or external command execution capabilities. All TypeScript code snippets are embedded examples for illustration purposes only.

Files scanned: 4
Lines analyzed: 1,983
Findings: 0
Audited by: claude
No security issues found