Audit history

full-review - 7 audits

Audit version 7

Most recent - Low risk

Jun 28, 2026, 12:48 PM

Static analysis flagged many command and blocker patterns, but most are Markdown examples, inline file globs, checklist text, or report-format placeholders. The only confirmed behavior is read-only local git inspection with stderr redirected to /dev/null, which is expected for a code review skill and shows no network, credential access, or prompt-injection attempt.

Files scanned: 1
Lines analyzed: 180
Findings: 5
Audited by: codex

Low-risk issues (3)

Read-Only Local Git Commands
The workflow includes a fenced bash example that runs git diff and git status to identify changed files. This is legitimate for a review skill and does not show command injection, network access, or secret collection, but it can expose repository file names and status to the assistant context.

Static Analyzer False Positives in Markdown Content
The high blocker and many external command detections are caused by ordinary prose, inline backticks, file globs, skill names, checklist items, and report placeholders. No weak cryptographic implementation, system reconnaissance behavior, or executable Ruby backtick code is present in the reviewed file.

Benign Standard Device Redirection
The filesystem finding is stderr redirection to /dev/null in a git command example. This suppresses command errors and does not read files, write project data, or access sensitive paths.

Risk factors

External commands (1)
Filesystem access (1)

Detected patterns

Local Shell Command Example

Audit version 6

Safe

Jan 21, 2026, 02:46 PM

All static analysis findings are false positives. The skill is documentation-only (SKILL.md) describing a legitimate code review workflow. Backticks flagged as shell execution are markdown code formatting. Numeric values flagged as weak crypto are JSON array indices. No executable code exists that poses security risks.

Files scanned: 2
Lines analyzed: 695
Findings: 2
Audited by: claude

No security issues found

Audit version 5

Medium risk

Jan 16, 2026, 05:59 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Files scanned: 2
Lines analyzed: 374
Findings: 2
Audited by: claude

No security issues found

Detected patterns

Weak cryptographic algorithm
Ruby/shell backtick execution
Standard device file access
System reconnaissance

Audit version 4

Medium risk

Jan 16, 2026, 05:59 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Files scanned: 2
Lines analyzed: 374
Findings: 2
Audited by: claude

No security issues found

Detected patterns

Weak cryptographic algorithm
Ruby/shell backtick execution
Standard device file access
System reconnaissance

Audit version 3

Safe

Jan 10, 2026, 11:08 AM

This skill consists solely of documentation and prompt guidance for performing code reviews. No executable code, scripts, network calls, or filesystem operations are defined. The skill describes using git commands for change detection, which is expected behavior for a code review tool.

Files scanned: 1
Lines analyzed: 180
Findings: 0
Audited by: claude

No security issues found

Audit version 2

Safe

Jan 10, 2026, 11:08 AM

This skill consists solely of documentation and prompt guidance for performing code reviews. No executable code, scripts, network calls, or filesystem operations are defined. The skill describes using git commands for change detection, which is expected behavior for a code review tool.

Files scanned: 1
Lines analyzed: 180
Findings: 0
Audited by: claude

No security issues found

Audit version 1

Safe

Jan 10, 2026, 11:08 AM

This skill consists solely of documentation and prompt guidance for performing code reviews. No executable code, scripts, network calls, or filesystem operations are defined. The skill describes using git commands for change detection, which is expected behavior for a code review tool.

Files scanned: 1
Lines analyzed: 180
Findings: 0
Audited by: claude

No security issues found