
Audit history

agentic-structure - 6 audits

Audit version 6

Latest - Low risk

Jun 28, 2026, 01:12 PM

Static analysis reported many critical and high patterns, but review found them to be documentation false positives, mostly Markdown backticks, security terminology, and examples that warn against unsafe practices. No prompt injection, credential access, malware behavior, or command execution intent was found. The remaining low risk is that the knowledge protocol describes creating reference files and using web fetches for documentation.

Files scanned: 8
Lines analyzed: 1,243
Findings: 6
Audited by: codex

Low-risk issues (4)
Filesystem Reference Workflow Requires Awareness
The skill instructs agents to create and update reference Markdown files under references/[topic]. This is a legitimate documentation workflow, not malicious persistence. Risk is low because paths are scoped and no sensitive files are targeted. Confidence: 0.82. Confidence reasoning: Direct file creation guidance appears in the knowledge protocol, but the context is documentation for user-provided references and cleanup.
Web Reference Workflow Requires Source Review
The skill tells agents to use web fetching when users provide URLs or when technical information is needed. This is a bounded research workflow, not data exfiltration. Risk is low because it does not direct sending secrets or private code to external services. Confidence: 0.80. Confidence reasoning: The network-related guidance is explicit, but its purpose is retrieving and documenting external technical references.
Static Critical and High Matches Are Documentation False Positives
The Windows SAM and weak cryptography alerts do not indicate credential access or unsafe cryptography. The reviewed lines are guideline links, security advice, or recommendations against MD5, SHA-1, and raw SHA-256 for passwords. Confidence: 0.96. Confidence reasoning: The cited files contain prose and security best practices, with no executable code or instructions to access credential stores.
External Command Alerts Are Markdown and Tool-Name False Positives
The Ruby backtick execution alerts are caused by Markdown code fences, inline code, and references to Read, Grep, Glob, and WebFetch. No shell execution command or arbitrary command template was found. Confidence: 0.94. Confidence reasoning: The matched backticks wrap documentation examples and filenames, not executable Ruby or shell code.

Audit version 5

Safe

Jan 16, 2026, 05:20 PM

Pure documentation skill containing only markdown guidelines. No executable code, no network operations, no command execution. The skill specifies allowed-tools: Read, Grep, Glob only. All 142 static findings are FALSE POSITIVES caused by the scanner detecting security terminology in documentation (e.g., 'Do not use MD5' flagged as 'weak crypto').

Files scanned: 9
Lines analyzed: 1,461
Findings: 1
Audited by: claude
No security issues found

Audit version 4

Safe

Jan 16, 2026, 05:20 PM

Pure documentation skill containing only markdown guidelines. No executable code, no network operations, no command execution. The skill specifies allowed-tools: Read, Grep, Glob only. All 142 static findings are FALSE POSITIVES caused by the scanner detecting security terminology in documentation (e.g., 'Do not use MD5' flagged as 'weak crypto').

Files scanned: 9
Lines analyzed: 1,461
Findings: 1
Audited by: claude
No security issues found

Audit version 3

Safe

Jan 10, 2026, 10:55 AM

Pure prompt-based skill containing only markdown documentation files. No executable code, network operations, filesystem access, or command execution. The skill provides development guidelines for AI coding assistants.

Files scanned: 8
Lines analyzed: 1,243
Findings: 0
Audited by: claude
No security issues found

Audit version 2

Safe

Jan 10, 2026, 10:55 AM

Pure prompt-based skill containing only markdown documentation files. No executable code, network operations, filesystem access, or command execution. The skill provides development guidelines for AI coding assistants.

Files scanned: 8
Lines analyzed: 1,243
Findings: 0
Audited by: claude
No security issues found

Audit version 1

Safe

Jan 10, 2026, 10:55 AM

Pure prompt-based skill containing only markdown documentation files. No executable code, network operations, filesystem access, or command execution. The skill provides development guidelines for AI coding assistants.

Files scanned: 8
Lines analyzed: 1,243
Findings: 0
Audited by: claude
No security issues found