Habilidades repo-docs Historial de auditorías
📦

Historial de auditorías

repo-docs - 6 auditorías

Versión de auditoría 6

Más reciente Riesgo bajo

Jun 28, 2026, 11:50 AM

Static analysis reported many high and critical alerts, but review found they are mostly markdown templates, grep examples, and regex strings rather than active malicious behavior. The package includes Python helper scripts that recursively read local repository files for documentation analysis, so users should run it only on repositories they intend to document. No prompt injection attempt, credential exfiltration, unauthorized network request, or destructive action was found.

10
Archivos escaneados
1,533
Líneas analizadas
6
hallazgos
codex
Auditado por
Problemas de riesgo bajo (3)
scripts/analyze-repo-structure.py:152-155scripts/find-integration-points.py:149-160
Local Repository Files Are Read Recursively
The helper scripts accept a repository path and scan files under that path to detect technologies and integration references. This is intended for documentation, but it may expose private file names or import strings in generated output if run on sensitive repositories.
SKILL.md:194-197examples/README-template.md:7-20examples/CONTRIBUTING-template.md:17-34references/tech-detection.md:146-169
Static Command Alerts Are Documentation Examples
Many command-execution findings refer to markdown command blocks, placeholder install commands, grep examples, or the skill instruction to run its helper script. These are not dynamic shell execution in code, but users should review commands before copying them into project docs.
examples/README-template.md:12examples/CONTRIBUTING-template.md:19-22references/tech-detection.md:118-161references/integration-patterns.md:66-72
Static Network And Path Alerts Are False Positives
Network alerts are placeholder clone URLs, HTTP client names, and detection regexes. The path traversal alert is an example of an incorrect relative import in documentation, not filesystem traversal logic.

Factores de riesgo

⚡ Contiene scripts (3)
scripts/analyze-repo-structure.py:233-248 scripts/find-integration-points.py:225-249 SKILL.md:189-197
📁 Acceso al sistema de archivos (4)
scripts/analyze-repo-structure.py:152-155 scripts/analyze-repo-structure.py:239-245 scripts/find-integration-points.py:149-160 scripts/find-integration-points.py:236-243
⚙️ Comandos externos (4)
SKILL.md:194-197 examples/README-template.md:7-20 examples/CONTRIBUTING-template.md:17-34 references/tech-detection.md:146-169

Versión de auditoría 5

Riesgo bajo

Jan 16, 2026, 05:01 PM

Documentation generation skill with clean security posture. All static findings are FALSE POSITIVES caused by the scanner misinterpreting markdown template code blocks and pattern definitions as actual security-relevant code. The Python scripts perform safe static analysis (file reading and pattern matching) without executing code or making network calls. The skill only reads repository files locally and outputs documentation to stdout.

11
Archivos escaneados
1,818
Líneas analizadas
2
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Factores de riesgo

⚡ Contiene scripts (1)
scripts/find-integration-points.py:1-255
📁 Acceso al sistema de archivos (1)
scripts/find-integration-points.py:118-187

Versión de auditoría 4

Riesgo bajo

Jan 16, 2026, 05:01 PM

Documentation generation skill with clean security posture. All static findings are FALSE POSITIVES caused by the scanner misinterpreting markdown template code blocks and pattern definitions as actual security-relevant code. The Python scripts perform safe static analysis (file reading and pattern matching) without executing code or making network calls. The skill only reads repository files locally and outputs documentation to stdout.

11
Archivos escaneados
1,818
Líneas analizadas
2
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Factores de riesgo

⚡ Contiene scripts (1)
scripts/find-integration-points.py:1-255
📁 Acceso al sistema de archivos (1)
scripts/find-integration-points.py:118-187

Versión de auditoría 3

Riesgo bajo

Jan 10, 2026, 10:35 AM

Legitimate documentation generation skill with clean security posture. Contains Python scripts that perform safe static analysis (file reading and pattern matching) without executing code or making network calls. All capabilities directly serve the stated documentation purpose.

10
Archivos escaneados
1,533
Líneas analizadas
2
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Factores de riesgo

⚡ Contiene scripts (2)
scripts/analyze-repo-structure.py:1-272 scripts/find-integration-points.py:1-255
📁 Acceso al sistema de archivos (2)
scripts/analyze-repo-structure.py:82-96 scripts/find-integration-points.py:118-187

Versión de auditoría 2

Riesgo bajo

Jan 10, 2026, 10:35 AM

Legitimate documentation generation skill with clean security posture. Contains Python scripts that perform safe static analysis (file reading and pattern matching) without executing code or making network calls. All capabilities directly serve the stated documentation purpose.

10
Archivos escaneados
1,533
Líneas analizadas
2
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Factores de riesgo

⚡ Contiene scripts (2)
scripts/analyze-repo-structure.py:1-272 scripts/find-integration-points.py:1-255
📁 Acceso al sistema de archivos (2)
scripts/analyze-repo-structure.py:82-96 scripts/find-integration-points.py:118-187

Versión de auditoría 1

Riesgo bajo

Jan 10, 2026, 10:35 AM

Legitimate documentation generation skill with clean security posture. Contains Python scripts that perform safe static analysis (file reading and pattern matching) without executing code or making network calls. All capabilities directly serve the stated documentation purpose.

10
Archivos escaneados
1,533
Líneas analizadas
2
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Factores de riesgo

⚡ Contiene scripts (2)
scripts/analyze-repo-structure.py:1-272 scripts/find-integration-points.py:1-255
📁 Acceso al sistema de archivos (2)
scripts/analyze-repo-structure.py:82-96 scripts/find-integration-points.py:118-187
← Volver a Skill