
Audit history

synthese-multi-llm - 6 audits

Audit version 6

Latest: Medium risk

Jun 28, 2026, 08:17 AM

Static analysis found many command, credential, network, filesystem, and hash patterns. Review confirms these are mostly intended multi-LLM orchestration features, not confirmed malicious behavior. The skill should publish with a medium-risk warning because it can send source text to model providers and persist audit data locally.

Files scanned: 21
Lines scanned: 8,591
Findings: 12
Audited by: codex

Medium-risk issues (4)
External model commands execute with user prompts
The main workflow runs fixed model CLIs and passes the prompt as an argument. This reduces shell injection risk, but it still executes external tools and shares document content with them.
Configurable CLI backend can run configured commands
The generic CLI backend builds a command from configuration and executes it with the inherited environment. This is useful for custom LLM tools but risky with untrusted configuration.
Model wrappers send prompts to configured services
The Claude wrapper sends prompts to the Anthropic API with an API key header, and the Ollama wrapper sends prompts to a configured host. This is intended behavior but can expose sensitive source text.
Audit trails and exports persist synthesis data locally
The workflow writes session trails and Markdown output to local files. This supports traceability, but users must manage stored source excerpts and model responses.
Low-risk issues (3)
Weak-crypto scanner matches are non-security identifiers
Reviewed hash usage is for cache keys and short session identifiers, not password storage, signatures, or encryption. The static weak-crypto labels are false positives in this context.
Shell metacharacter and hex findings are sanitizer data
The flagged backticks, command substitutions, and hex escapes appear inside input sanitization constants and cleanup logic. They are detection targets, not executed payloads.
Prompt injection indicators were not found
Searches for override, skip-review, and fake authority language found configuration terms only. No evidence found of instructions that try to override the audit process.

Detected patterns

Python subprocess execution
Async configurable subprocess execution
API key environment access
Network requests from shell wrappers

Audit version 5

Low risk

Jan 16, 2026, 03:20 PM

This is a legitimate multi-LLM orchestration tool for text summarization. The static analyzer's 588 findings are overwhelmingly false positives. The 'weak cryptographic algorithm' findings are markdown documentation being misidentified. 'Shell backtick execution' findings are markdown code formatting. 'API/secret keys' findings are proper environment variable access patterns. The critical heuristics are triggered by legitimate subprocess execution for CLI model calls and API interactions with proper credential handling. No evidence of malicious intent, data exfiltration, or harmful patterns found.

Files scanned: 22
Lines scanned: 9,013
Findings: 4
Audited by: claude

No security issues found

Risk factors

⚙️ External commands (2)
🌐 Network access (1)
📁 Filesystem access (1)
🔑 Environment variables (1)

Audit version 4

Low risk

Jan 16, 2026, 03:20 PM

This is a legitimate multi-LLM orchestration tool for text summarization. The static analyzer's 588 findings are overwhelmingly false positives. The 'weak cryptographic algorithm' findings are markdown documentation being misidentified. 'Shell backtick execution' findings are markdown code formatting. 'API/secret keys' findings are proper environment variable access patterns. The critical heuristics are triggered by legitimate subprocess execution for CLI model calls and API interactions with proper credential handling. No evidence of malicious intent, data exfiltration, or harmful patterns found.

Files scanned: 22
Lines scanned: 9,013
Findings: 4
Audited by: claude

No security issues found

Risk factors

⚙️ External commands (2)
🌐 Network access (1)
📁 Filesystem access (1)
🔑 Environment variables (1)

Audit version 3

Low risk

Jan 10, 2026, 10:15 AM

Legitimate multi-LLM synthesis tool. Capabilities align with stated purpose. Subprocess and network calls are documented and expected for calling external LLM services. Input sanitization and validation present. No malicious patterns detected.

Files scanned: 14
Lines scanned: 4,642
Findings: 7
Audited by: claude

Low-risk issues (2)
Subprocess execution for LLM calls
The code executes subprocess calls to invoke external CLI commands (claude, gemini, codex). This is a legitimate capability for an LLM orchestration tool. Callers are hardcoded CLI tools, not user-controlled input. Code: `asyncio.create_subprocess_exec(*cmd)` at scripts/synthese.py:70
Network calls to external APIs
The code makes HTTP requests to external LLM APIs (Anthropic, Ollama). Endpoints are documented and expected: https://api.anthropic.com/v1/messages and http://localhost:11434/api/generate. Required for core functionality.

Audit version 2

Low risk

Jan 10, 2026, 10:15 AM

Legitimate multi-LLM synthesis tool. Capabilities align with stated purpose. Subprocess and network calls are documented and expected for calling external LLM services. Input sanitization and validation present. No malicious patterns detected.

Files scanned: 14
Lines scanned: 4,642
Findings: 7
Audited by: claude

Low-risk issues (2)
Subprocess execution for LLM calls
The code executes subprocess calls to invoke external CLI commands (claude, gemini, codex). This is a legitimate capability for an LLM orchestration tool. Callers are hardcoded CLI tools, not user-controlled input. Code: `asyncio.create_subprocess_exec(*cmd)` at scripts/synthese.py:70
Network calls to external APIs
The code makes HTTP requests to external LLM APIs (Anthropic, Ollama). Endpoints are documented and expected: https://api.anthropic.com/v1/messages and http://localhost:11434/api/generate. Required for core functionality.

Audit version 1

Low risk

Jan 10, 2026, 10:15 AM

Legitimate multi-LLM synthesis tool. Capabilities align with stated purpose. Subprocess and network calls are documented and expected for calling external LLM services. Input sanitization and validation present. No malicious patterns detected.

Files scanned: 14
Lines scanned: 4,642
Findings: 7
Audited by: claude

Low-risk issues (2)
Subprocess execution for LLM calls
The code executes subprocess calls to invoke external CLI commands (claude, gemini, codex). This is a legitimate capability for an LLM orchestration tool. Callers are hardcoded CLI tools, not user-controlled input. Code: `asyncio.create_subprocess_exec(*cmd)` at scripts/synthese.py:70
Network calls to external APIs
The code makes HTTP requests to external LLM APIs (Anthropic, Ollama). Endpoints are documented and expected: https://api.anthropic.com/v1/messages and http://localhost:11434/api/generate. Required for core functionality.