Habilidades goal-setter Historial de auditorías
📦

Historial de auditorías

goal-setter - 6 auditorías

Versión de auditoría 6

Más reciente Riesgo bajo

Jun 28, 2026, 02:51 PM

AI review found the static high-risk detections to be false positives caused by Markdown code fences, inline file names, planning terms, and business acronyms. No evidence found of executable commands, credential access, prompt injection, malware intent, or data exfiltration. The only residual risk is intended workspace file access for reading LeanOS strategy files and creating goal documents.

1
Archivos escaneados
500
Líneas analizadas
4
hallazgos
codex
Auditado por
Problemas de riesgo bajo (3)
SKILL.md:14-21SKILL.md:35-54SKILL.md:73-79SKILL.md:129-149SKILL.md:241-257SKILL.md:338-344SKILL.md:362-390SKILL.md:414-441SKILL.md:479-500
Static External Command Detections Are Markdown False Positives
The cited backtick detections are Markdown code fences, inline file paths, tables, and examples. No evidence found of Ruby backtick execution, shell invocation, command construction, or executable script content.
SKILL.md:3SKILL.md:38SKILL.md:105SKILL.md:123SKILL.md:267SKILL.md:276SKILL.md:354SKILL.md:374SKILL.md:401SKILL.md:409-413
Static Sensitive, Crypto, And Reconnaissance Detections Are Terminology Matches
The Windows SAM finding is the business acronym in TAM/SAM/SOM. The weak-crypto and reconnaissance hits are ordinary planning words, goal examples, file references, or business metrics, with no credential access, hash use, system probing, or network scanning behavior.
SKILL.md:19-21SKILL.md:91-94SKILL.md:257SKILL.md:477-480
Controlled Workspace File Access Is Part Of Intended Workflow
The skill instructs the agent to read LeanOS canvas and active-goal files, then create a goal Markdown file under strategy/goals/active. This is a legitimate capability, but users should review proposed file changes before applying them in sensitive workspaces.

Factores de riesgo

📁 Acceso al sistema de archivos (4)
SKILL.md:19-21 SKILL.md:91-94 SKILL.md:257 SKILL.md:477-480

Versión de auditoría 5

Seguro

Jan 16, 2026, 06:19 PM

Pure documentation skill containing only AI instructions and process documentation. No executable code, scripts, network calls, or external commands. All 94 static findings are false positives caused by markdown formatting (backticks), documentation file path references, and keyword misclassification. The skill only reads and writes markdown files within the project directory.

2
Archivos escaneados
678
Líneas analizadas
1
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Factores de riesgo

⚡ Contiene scripts (1)
SKILL.md:1-500

Versión de auditoría 4

Seguro

Jan 16, 2026, 06:19 PM

Pure documentation skill containing only AI instructions and process documentation. No executable code, scripts, network calls, or external commands. All 94 static findings are false positives caused by markdown formatting (backticks), documentation file path references, and keyword misclassification. The skill only reads and writes markdown files within the project directory.

2
Archivos escaneados
678
Líneas analizadas
1
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Factores de riesgo

⚡ Contiene scripts (1)
SKILL.md:1-500

Versión de auditoría 3

Seguro

Jan 10, 2026, 11:13 AM

Pure prompt-based skill containing only documentation and AI instructions. No executable code, scripts, network calls, or external commands. Reads and writes markdown files within the skill's own project directory structure.

1
Archivos escaneados
500
Líneas analizadas
0
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Versión de auditoría 2

Seguro

Jan 10, 2026, 11:13 AM

Pure prompt-based skill containing only documentation and AI instructions. No executable code, scripts, network calls, or external commands. Reads and writes markdown files within the skill's own project directory structure.

1
Archivos escaneados
500
Líneas analizadas
0
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Versión de auditoría 1

Seguro

Jan 10, 2026, 11:13 AM

Pure prompt-based skill containing only documentation and AI instructions. No executable code, scripts, network calls, or external commands. Reads and writes markdown files within the skill's own project directory structure.

1
Archivos escaneados
500
Líneas analizadas
0
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad
← Volver a la habilidad