
Audit history

context-save - 6 audits

Audit version 6

Most recent | Medium risk

Jun 28, 2026, 10:02 PM

Static command-execution, weak-crypto, reconnaissance, and entropy findings are false positives caused by Markdown backticks, readable Chinese prose, and example text. The confirmed risk is that the skill directs agents to persist session summaries into repository files, which can accidentally retain secrets or proprietary context.

Files scanned: 1
Lines analyzed: 140
Findings: 6
Audited by: codex

Medium-risk issues (1)
Sensitive Context Persistence
The skill asks the agent to summarize current session context, completed work, pending work, key files, and technical notes, then save that content under docs/context-sessions/. This is useful for handoffs, but it can persist secrets, proprietary requirements, credentials, or sensitive file paths if redaction is not performed.
Low-risk issues (4)
False Positive: Markdown Backticks
The static Ruby or shell backtick findings are Markdown inline-code markers, fenced examples, and placeholder paths. No executable Ruby, shell command, subprocess call, or command interpolation is present in the skill text.
False Positive: Weak Cryptographic Algorithm
The weak cryptography finding at the frontmatter description is not supported by the file content. The line describes saving Markdown session notes and does not define or use a cryptographic algorithm.
False Positive: System Reconnaissance
The system reconnaissance finding points to example notes about a media identifier in a sample project task. It does not instruct the agent to inspect the host system, enumerate processes, or collect environment data.
False Positive: High Entropy Content
The high entropy finding appears to be caused by multilingual prose, Markdown symbols, and emoji in a readable Markdown file. No binary blob, encrypted payload, encoded script, or obfuscated content was found.

Risk factors

📁 File system access (3)

Audit version 5

Safe

Jan 16, 2026, 08:31 PM

This is a prompt-based skill with no executable code. SKILL.md contains only natural language instructions for generating markdown session summaries. No file system access, network calls, or command execution capabilities exist in the skill itself. The static analyzer produced false positives by misinterpreting Chinese text and markdown formatting as security vulnerabilities. All findings are dismissed as false positives.

Files scanned: 2
Lines analyzed: 319
Findings: 1
Audited by: claude
No security issues found

Audit version 4

Safe

Jan 16, 2026, 08:31 PM

This is a prompt-based skill with no executable code. SKILL.md contains only natural language instructions for generating markdown session summaries. No file system access, network calls, or command execution capabilities exist in the skill itself. The static analyzer produced false positives by misinterpreting Chinese text and markdown formatting as security vulnerabilities. All findings are dismissed as false positives.

Files scanned: 2
Lines analyzed: 319
Findings: 1
Audited by: claude
No security issues found

Audit version 3

Safe

Jan 10, 2026, 12:13 PM

This is a prompt-based skill with no executable code. It provides instructions for generating markdown session summaries. No file system access, network calls, or command execution capabilities detected. The behavior matches the stated purpose exactly.

Files scanned: 1
Lines analyzed: 140
Findings: 0
Audited by: claude
No security issues found

Audit version 2

Safe

Jan 10, 2026, 12:13 PM

This is a prompt-based skill with no executable code. It provides instructions for generating markdown session summaries. No file system access, network calls, or command execution capabilities detected. The behavior matches the stated purpose exactly.

Files scanned: 1
Lines analyzed: 140
Findings: 0
Audited by: claude
No security issues found

Audit version 1

Safe

Jan 10, 2026, 12:13 PM

This is a prompt-based skill with no executable code. It provides instructions for generating markdown session summaries. No file system access, network calls, or command execution capabilities detected. The behavior matches the stated purpose exactly.

Files scanned: 1
Lines analyzed: 140
Findings: 0
Audited by: claude
No security issues found