
Audit history

llm-doc-writer - 7 audits

Audit version 7

Latest - Safe

Jun 28, 2026, 04:42 AM

Static analysis reported external command, network, weak crypto, and reconnaissance patterns. Manual review found only markdown examples, inline code formatting, and ordinary documentation text, with no executable code or malicious intent.

Files analyzed: 2
Lines analyzed: 282
Review items: 4
False positives ignored: 0

Confirmed security concerns (4)

Low
False Positive: Markdown Backticks Misread as Shell Execution
The external command detections are markdown fences or inline command examples. No Ruby code, shell execution logic, or user-controlled command invocation was found.
Both scanned files are markdown documentation. The flagged locations are code fences, inline command examples, or formatting markers, not executable Ruby backtick calls.
Low
False Positive: Weak Crypto Pattern in Documentation Text
The weak cryptography detections match ordinary words and markdown references. No hashing, encryption, signing, or credential handling implementation was found.
Manual review found no cryptographic code. The lines contain documentation prose, headers, or references such as CLAUDE.md.
Low
False Positive: Network Pattern in Architecture Example
The network detection appears in a prose example about REST APIs between services. No Python HTTP library import, endpoint, or outbound request code was found.
The line is inside a before-and-after documentation example. It describes architecture communication and does not perform network activity.
Low
False Positive: Reconnaissance Pattern in Section Heading
The reconnaissance detection maps to an anti-patterns heading. No host, user, process, environment, or filesystem discovery command was found.
The flagged line is a markdown heading introducing writing anti-patterns. There is no executable system reconnaissance behavior in the file.
Audited by: codex

Audit version 6

Safe

Jan 21, 2026, 02:49 PM

All 55 static findings are false positives. The scanner misidentified markdown documentation syntax as security issues. Backticks are markdown code fences, not shell execution. RabbitMQ and JWT mentions are technology references, not weak crypto. The skill contains only documentation patterns and has no actual code execution, network calls, or cryptographic operations.

Files analyzed: 3
Lines analyzed: 926
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude

Audit version 5

Medium risk - Audit incomplete

Jan 16, 2026, 03:09 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Manual review required

This audit did not complete successfully. The quality score is capped until a successful audit is available.

Files analyzed: 3
Lines analyzed: 471
Review items: 3
False positives ignored: 0

Patterns detected

Ruby/shell backtick execution
Python HTTP libraries
Weak cryptographic algorithm
System reconnaissance
Audited by: claude

Audit version 4

Medium risk - Audit incomplete

Jan 16, 2026, 03:09 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Manual review required

This audit did not complete successfully. The quality score is capped until a successful audit is available.

Files analyzed: 3
Lines analyzed: 471
Review items: 3
False positives ignored: 0

Patterns detected

Ruby/shell backtick execution
Python HTTP libraries
Weak cryptographic algorithm
System reconnaissance
Audited by: claude

Audit version 3

Safe

Jan 10, 2026, 09:55 AM

Pure prompt-based documentation skill with no code execution, filesystem access, network calls, or system modifications. Contains only instructional markdown content with writing guidelines and examples.

Files analyzed: 2
Lines analyzed: 282
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude

Audit version 2

Safe

Jan 10, 2026, 09:55 AM

Pure prompt-based documentation skill with no code execution, filesystem access, network calls, or system modifications. Contains only instructional markdown content with writing guidelines and examples.

Files analyzed: 2
Lines analyzed: 282
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude

Audit version 1

Safe

Jan 10, 2026, 09:55 AM

Pure prompt-based documentation skill with no code execution, filesystem access, network calls, or system modifications. Contains only instructional markdown content with writing guidelines and examples.

Files analyzed: 2
Lines analyzed: 282
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude