Historial de auditorías

Versión de auditoría 6

Más reciente Riesgo bajo

Jun 28, 2026, 03:01 PM

Static analysis reported shell execution, weak cryptography, and reconnaissance patterns, but contextual review found only Markdown examples, ordinary prose, and structured reasoning templates in SKILL.md. No executable commands, prompt injection attempts, network access, filesystem access, credential handling, or malicious intent were found.

1

Archivos escaneados

310

Líneas analizadas

3

hallazgos

codex

Auditado por

Problemas de riesgo bajo (3)

SKILL.md:12 SKILL.md:20 SKILL.md:43 SKILL.md:51 SKILL.md:60 SKILL.md:68 SKILL.md:91 SKILL.md:119 SKILL.md:136 SKILL.md:155 SKILL.md:158 SKILL.md:162 SKILL.md:169 SKILL.md:188 SKILL.md:191 SKILL.md:214 SKILL.md:237 SKILL.md:267 SKILL.md:274 SKILL.md:279 SKILL.md:282 SKILL.md:290 SKILL.md:293 SKILL.md:298 SKILL.md:301

Static external command findings dismissed

The reported Ruby or shell backtick execution matches are Markdown code fence delimiters and example blocks. They are documentation text, not executable commands or instructions to run commands.

SKILL.md:3 SKILL.md:16 SKILL.md:17 SKILL.md:40 SKILL.md:62 SKILL.md:143 SKILL.md:210 SKILL.md:224 SKILL.md:226

Static weak cryptography findings dismissed

The reported weak cryptography matches occur in ordinary description text, type signatures, headings, or business examples. No cryptographic API, hashing function, encryption routine, or credential handling is present.

SKILL.md:26 SKILL.md:55

Static reconnaissance findings dismissed

The reported reconnaissance matches are normal diagnostic questions in a reasoning guide. They do not instruct the agent to enumerate hosts, collect system details, scan networks, or gather local environment data.

Versión de auditoría 5

Seguro

Jan 16, 2026, 06:28 PM

Pure documentation skill with no executable code. All static findings are false positives: YAML field names misidentified as crypto algorithms, markdown backticks misidentified as shell execution, and a source URL misidentified as network access. This is a safe reasoning framework guide.

2

Archivos escaneados

489

Líneas analizadas

1

hallazgos

claude

Auditado por

No se encontraron problemas de seguridad

Versión de auditoría 4

Seguro

Jan 16, 2026, 06:28 PM

Pure documentation skill with no executable code. All static findings are false positives: YAML field names misidentified as crypto algorithms, markdown backticks misidentified as shell execution, and a source URL misidentified as network access. This is a safe reasoning framework guide.

2

Archivos escaneados

489

Líneas analizadas

1

hallazgos

claude

Auditado por

No se encontraron problemas de seguridad

Versión de auditoría 3

Seguro

Jan 10, 2026, 11:18 AM

Pure prompt-based skill containing only documentation. No executable code, network operations, filesystem access, or external command execution. This is a safe documentation skill for reasoning guidance.

1

Archivos escaneados

310

Líneas analizadas

0

hallazgos

claude

Auditado por

No se encontraron problemas de seguridad

Versión de auditoría 2

Seguro

Jan 10, 2026, 11:18 AM

Pure prompt-based skill containing only documentation. No executable code, network operations, filesystem access, or external command execution. This is a safe documentation skill for reasoning guidance.

1

Archivos escaneados

310

Líneas analizadas

0

hallazgos

claude

Auditado por

No se encontraron problemas de seguridad

Versión de auditoría 1

Seguro

Jan 10, 2026, 11:18 AM

Pure prompt-based skill containing only documentation. No executable code, network operations, filesystem access, or external command execution. This is a safe documentation skill for reasoning guidance.

1

Archivos escaneados

310

Líneas analizadas

0

hallazgos

claude

Auditado por

No se encontraron problemas de seguridad

Versión de auditoría 6

Versión de auditoría 5

Factores de riesgo

Versión de auditoría 4

Factores de riesgo

Versión de auditoría 3

Versión de auditoría 2

Versión de auditoría 1