Audit history
extract-design-system - 2 audits
Audit version 2
Most recent | Medium risk | Jun 28, 2026, 10:32 AM
Static analysis detected many command and weak-crypto patterns, but review found no prompt injection, malicious intent, network exfiltration, or real cryptographic code. The external-command findings are valid because the skill tells agents to run npx-based tools, so publication is acceptable only with a warning about user approval and package trust.
Files scanned: 3
Lines analyzed: 101
Findings: 3
Audited by: codex
Medium-risk issues (1)
External package execution through npx commands
The skill instructs agents to run npx playwright install chromium and npx extract-design-system commands. This matches the stated workflow, but it executes external packages and should require user approval and package trust review.
Low-risk issues (1)
Weak cryptography static findings dismissed
The high-severity weak cryptography matches appear to be false positives from markdown content and file references. I found no evidence of MD5, SHA1, DES, RC4, or other weak cryptographic algorithms in the reviewed lines.
Risk factors
⚙️ External commands (23)
references/outputs.md:3 references/outputs.md:5 references/outputs.md:7 references/outputs.md:11 references/outputs.md:15 references/workflow.md:5 references/workflow.md:6 references/workflow.md:7 references/workflow.md:8 references/workflow.md:12 references/workflow.md:14 references/workflow.md:14 SKILL.md:28-31 SKILL.md:31-33 SKILL.md:33-41 SKILL.md:41-43 SKILL.md:43-45 SKILL.md:45-47 SKILL.md:47-49 SKILL.md:49-53 SKILL.md:53-54 SKILL.md:54-55 SKILL.md:55-56
Detected patterns
npx command execution
Audit version 1
Medium risk | Apr 9, 2026, 08:47 AM
AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.
Files scanned: 3
Lines analyzed: 101
Findings: 1
Audited by: claude
No security issues found
Risk factors
⚙️ External commands (23)
references/outputs.md:3 references/outputs.md:5 references/outputs.md:7 references/outputs.md:11 references/outputs.md:15 references/workflow.md:5 references/workflow.md:6 references/workflow.md:7 references/workflow.md:8 references/workflow.md:12 references/workflow.md:14 references/workflow.md:14 SKILL.md:28-31 SKILL.md:31-33 SKILL.md:33-41 SKILL.md:41-43 SKILL.md:43-45 SKILL.md:45-47 SKILL.md:47-49 SKILL.md:49-53 SKILL.md:53-54 SKILL.md:54-55 SKILL.md:55-56
Detected patterns
Ruby/shell backtick execution
Weak cryptographic algorithm