Historique des audits - add-endpoint

Version de l’audit 6

Dernier Risque faible

Jun 28, 2026, 10:28 AM

Static analysis flagged Markdown backticks, relative import examples, and documentation text as command execution, path traversal, weak crypto, and reconnaissance. Review found only instructional TypeScript examples and endpoint documentation guidance, with no executable skill code, network access, secret handling, or prompt injection attempts.

1

Fichiers analysés

137

Lignes analysées

3

résultats

codex

Audité par

Problèmes à risque faible (1)

SKILL.md:18-136

Static Analyzer False Positives in Documentation

The reported command, traversal, weak cryptography, and reconnaissance patterns occur inside Markdown examples and checklist text. The skill contains no executable script, shell invocation, network call, environment access, or prompt-injection instruction.

Facteurs de risque

⚙️ Commandes externes (8)

SKILL.md:18 SKILL.md:20-60 SKILL.md:64-75 SKILL.md:81-91 SKILL.md:97-103 SKILL.md:107 SKILL.md:123 SKILL.md:127-136

📁 Accès au système de fichiers (4)

SKILL.md:25 SKILL.md:107 SKILL.md:128 SKILL.md:134

Version de l’audit 5

Sûr

Jan 16, 2026, 05:19 PM

This is a documentation-only skill containing a SKILL.md file with guidance for generating API endpoint code. No executable code, no file system access beyond reading its own file, no network calls, and no command execution capabilities. Pure prompt-based skill with zero attack surface. All 38 static findings are false positives caused by the analyzer misinterpreting documentation patterns (code examples as Ruby execution, Zod schemas as crypto, template placeholders as path traversal).

2

Fichiers analysés

314

Lignes analysées

2

résultats

claude

Audité par

Aucun problème de sécurité trouvé

Facteurs de risque

📁 Accès au système de fichiers (1)

SKILL.md:25

⚙️ Commandes externes (20)

Version de l’audit 4

Sûr

Jan 16, 2026, 05:19 PM

This is a documentation-only skill containing a SKILL.md file with guidance for generating API endpoint code. No executable code, no file system access beyond reading its own file, no network calls, and no command execution capabilities. Pure prompt-based skill with zero attack surface. All 38 static findings are false positives caused by the analyzer misinterpreting documentation patterns (code examples as Ruby execution, Zod schemas as crypto, template placeholders as path traversal).

2

Fichiers analysés

314

Lignes analysées

2

résultats

claude

Audité par

Aucun problème de sécurité trouvé

Facteurs de risque

📁 Accès au système de fichiers (1)

SKILL.md:25

⚙️ Commandes externes (20)

Version de l’audit 3

Sûr

Jan 10, 2026, 10:25 AM

This is a documentation-only skill containing a SKILL.md file with guidance for generating API endpoint code. No executable code, no file system access beyond reading its own file, no network calls, and no command execution capabilities. Pure prompt-based skill with zero attack surface.

1

Fichiers analysés

137

Lignes analysées

0

résultats

claude

Audité par

Aucun problème de sécurité trouvé

Version de l’audit 2

Sûr

Jan 10, 2026, 10:25 AM

This is a documentation-only skill containing a SKILL.md file with guidance for generating API endpoint code. No executable code, no file system access beyond reading its own file, no network calls, and no command execution capabilities. Pure prompt-based skill with zero attack surface.

1

Fichiers analysés

137

Lignes analysées

0

résultats

claude

Audité par

Aucun problème de sécurité trouvé

Version de l’audit 1

Sûr

Jan 10, 2026, 10:25 AM

This is a documentation-only skill containing a SKILL.md file with guidance for generating API endpoint code. No executable code, no file system access beyond reading its own file, no network calls, and no command execution capabilities. Pure prompt-based skill with zero attack surface.

1

Fichiers analysés

137

Lignes analysées

0

résultats

claude

Audité par

Aucun problème de sécurité trouvé