Historique des audits - testing-strategy-builder

Version de l’audit 6

Dernier Risque faible

Jun 28, 2026, 10:37 AM

Static analysis flagged many shell, network, filesystem, and weak-crypto patterns, but reviewed evidence shows they are Markdown examples, templates, and testing guidance rather than executable skill logic. No prompt-injection language, data exfiltration intent, or malicious automation was found in the reviewed files. The skill is suitable for publication with low risk because users may copy commands or sample tests into their own projects.

5

Fichiers analysés

1,675

Lignes analysées

6

résultats

codex

Audité par

Problèmes à risque faible (3)

SKILL.md:36-50 SKILL.md:75-89 SKILL.md:304-330 templates/test-plan-template.md:313

External Command Patterns Are Documentation Examples

Verdict: FALSE_POSITIVE. The flagged command patterns appear in Markdown installation commands, verification commands, CI examples, and code fences. They are not executed by the skill and do not include user-controlled command construction.

references/code-examples.md:92 references/code-examples.md:112 references/code-examples.md:167-183

Network Patterns Are Sample Test Requests

Verdict: FALSE_POSITIVE. The HTTP client and URL findings are example API tests and a k6 load-test sample. The skill does not send data externally or configure a real destination for exfiltration.

references/code-examples.md:254 SKILL.md:13 templates/test-plan-template.md:180 templates/test-case-template.md:23

Filesystem And Weak-Crypto Alerts Lack Risk Context

Verdict: FALSE_POSITIVE. The path traversal finding is a Jest mock import in a code example, and weak-crypto alerts occur at general testing text or sample data locations. No filesystem access routine or cryptographic implementation was found at the cited locations.

Facteurs de risque

⚙️ Commandes externes (6)

SKILL.md:36-50 SKILL.md:75-89 SKILL.md:304-330 references/code-examples.md:9-40 templates/test-case-template.md:122-158 templates/test-plan-template.md:313

🌐 Accès réseau (4)

references/code-examples.md:92 references/code-examples.md:112 references/code-examples.md:167-183 references/code-examples.md:183

📁 Accès au système de fichiers (1)

references/code-examples.md:254

Version de l’audit 5

Sûr

Jan 16, 2026, 05:09 PM

Pure documentation skill containing only markdown files, code examples, and templates. No executable scripts, no network calls, no file system access beyond its own resources, and no environment variable access. The static scanner incorrectly flagged documentation examples showing testing tool commands (e.g., 'npm install jest') as backtick execution, and security testing references (e.g., discussing JWT, SQL injection testing) as cryptographic algorithm patterns. A prior Claude audit confirmed this skill contains only testing guidance and best practices.

6

Fichiers analysés

1,897

Lignes analysées

3

résultats

claude

Audité par

Aucun problème de sécurité trouvé

Facteurs de risque

⚙️ Commandes externes (114)

🌐 Accès réseau (4)

references/code-examples.md:183 references/code-examples.md:92 references/code-examples.md:112 references/code-examples.md:183

📁 Accès au système de fichiers (1)

references/code-examples.md:254

Version de l’audit 4

Sûr

Jan 16, 2026, 05:09 PM

Pure documentation skill containing only markdown files, code examples, and templates. No executable scripts, no network calls, no file system access beyond its own resources, and no environment variable access. The static scanner incorrectly flagged documentation examples showing testing tool commands (e.g., 'npm install jest') as backtick execution, and security testing references (e.g., discussing JWT, SQL injection testing) as cryptographic algorithm patterns. A prior Claude audit confirmed this skill contains only testing guidance and best practices.

6

Fichiers analysés

1,897

Lignes analysées

3

résultats

claude

Audité par

Aucun problème de sécurité trouvé

Facteurs de risque

⚙️ Commandes externes (114)

🌐 Accès réseau (4)

references/code-examples.md:183 references/code-examples.md:92 references/code-examples.md:112 references/code-examples.md:183

📁 Accès au système de fichiers (1)

references/code-examples.md:254

Version de l’audit 3

Sûr

Jan 10, 2026, 10:53 AM

Pure documentation skill containing only markdown files, code examples, and templates. No executable scripts, no network calls, no file system access beyond its own resources, and no environment variable access. Contains only testing guidance and best practices.

5

Fichiers analysés

1,337

Lignes analysées

0

résultats

claude

Audité par

Aucun problème de sécurité trouvé

Version de l’audit 2

Sûr

Jan 10, 2026, 10:53 AM

Pure documentation skill containing only markdown files, code examples, and templates. No executable scripts, no network calls, no file system access beyond its own resources, and no environment variable access. Contains only testing guidance and best practices.

5

Fichiers analysés

1,337

Lignes analysées

0

résultats

claude

Audité par

Aucun problème de sécurité trouvé

Version de l’audit 1

Sûr

Jan 10, 2026, 10:53 AM

Pure documentation skill containing only markdown files, code examples, and templates. No executable scripts, no network calls, no file system access beyond its own resources, and no environment variable access. Contains only testing guidance and best practices.

5

Fichiers analysés

1,337

Lignes analysées

0

résultats

claude

Audité par

Aucun problème de sécurité trouvé