Historique des audits - streaming-api-patterns

Version de l’audit 6

Dernier Risque faible

Jun 28, 2026, 10:33 AM

Static analysis reported external command and weak cryptography patterns, but review found those were false positives from Markdown code fences, inline code, metadata text, and checklist wording. The network patterns are expected educational examples for SSE, WebSocket, fetch, and documentation links. One low-severity template issue remains because an error message is interpolated directly into an SSE JSON event.

3

Fichiers analysés

420

Lignes analysées

4

résultats

codex

Audité par

Problèmes à risque faible (3)

templates/sse-endpoint-template.ts:36

Unsafe Error Message Interpolation in SSE Template

The template inserts error.message directly into a JSON-formatted SSE event string. This can leak internal error details and can break the event payload if the message contains quotes or control characters.

Documentation Syntax Misclassified as Execution or Weak Crypto

The reported external command and weak cryptography findings are not real execution or cryptography risks. The cited locations are Markdown code fences, inline formatting, metadata text, and checklist wording, not runnable shell or weak crypto code.

SKILL.md:62 SKILL.md:90 SKILL.md:160 SKILL.md:202 SKILL.md:255 SKILL.md:256 SKILL.md:257 SKILL.md:258 templates/sse-endpoint-template.ts:59

Expected Network API Examples

The network findings are legitimate examples for a streaming API skill. They show EventSource, WebSocket, fetch, SSE headers, and public documentation links without hidden exfiltration behavior.

Facteurs de risque

🌐 Accès réseau (9)

SKILL.md:160 SKILL.md:90 SKILL.md:62 SKILL.md:202 SKILL.md:255 SKILL.md:256 SKILL.md:257 SKILL.md:258 templates/sse-endpoint-template.ts:59

Motifs détectés

Raw Exception Text in Streamed JSON Event

Version de l’audit 5

Sûr

Jan 16, 2026, 05:08 PM

Pure documentation and code template skill. All static findings are false positives caused by markdown code formatting (backticks) misidentified as shell commands, and documentation references to cryptographic algorithms (in URLs/specifications) misidentified as weak crypto usage. The skill contains no executable scripts, network calls, or filesystem operations beyond its own files.

4

Fichiers analysés

623

Lignes analysées

2

résultats

claude

Audité par

Aucun problème de sécurité trouvé

Version de l’audit 4

Sûr

Jan 16, 2026, 05:08 PM

Pure documentation and code template skill. All static findings are false positives caused by markdown code formatting (backticks) misidentified as shell commands, and documentation references to cryptographic algorithms (in URLs/specifications) misidentified as weak crypto usage. The skill contains no executable scripts, network calls, or filesystem operations beyond its own files.

4

Fichiers analysés

623

Lignes analysées

2

résultats

claude

Audité par

Aucun problème de sécurité trouvé

Version de l’audit 3

Sûr

Jan 10, 2026, 10:52 AM

Pure documentation and code template skill containing no executable scripts, network calls, or filesystem access beyond its own files. All code examples are educational patterns for streaming API implementation.

3

Fichiers analysés

420

Lignes analysées

0

résultats

claude

Audité par

Aucun problème de sécurité trouvé

Version de l’audit 2

Sûr

Jan 10, 2026, 10:52 AM

Pure documentation and code template skill containing no executable scripts, network calls, or filesystem access beyond its own files. All code examples are educational patterns for streaming API implementation.

3

Fichiers analysés

420

Lignes analysées

0

résultats

claude

Audité par

Aucun problème de sécurité trouvé

Version de l’audit 1

Sûr

Jan 10, 2026, 10:52 AM

Pure documentation and code template skill containing no executable scripts, network calls, or filesystem access beyond its own files. All code examples are educational patterns for streaming API implementation.

3

Fichiers analysés

420

Lignes analysées

0

résultats

claude

Audité par

Aucun problème de sécurité trouvé