
Audit History

spec-kit-claude-code-workflow - 6 audits

Audit version 6

Latest, Safe

Jun 28, 2026, 03:57 AM

Static analysis reported six possible issues, but all reviewed locations are prose in SKILL.md. No executable code, network activity, system reconnaissance, weak cryptography use, data exfiltration, or prompt injection attempt was found.

Files scanned: 1
Lines analyzed: 184
Review items: 3
False positives ignored: 0

Confirmed security concerns (3)

False Positive: Weak Cryptography Pattern
The static hits occur in descriptive workflow text, not in cryptographic code. Line 7 describes the skill, and line 45 discusses folder-specific rule overrides.
The referenced lines contain natural-language documentation only. I found no algorithm names, crypto libraries, key handling, or encryption implementation.
False Positive: System Reconnaissance Pattern
The static hits refer to rapid prototyping and rapid specification changes. They do not instruct collection of host, user, process, or environment information.
Both locations are workflow guidance sentences. I found no command usage, filesystem probing, environment access, or inventory collection.
False Positive: Network Reconnaissance Pattern
The static hits discuss feedback mechanisms and workflow monitoring. They do not contain network scanning, connection testing, or external endpoint access.
The relevant text is conceptual process guidance. I found no URLs, sockets, port scans, ping commands, or network libraries.
Audited by: codex

Audit version 5

Safe

Jan 16, 2026, 03:50 PM

Pure documentation skill containing only YAML frontmatter and markdown guidance for development workflow. No executable code, scripts, network calls, filesystem access, or command execution capabilities. All 15 static findings are false positives from pattern-matching on benign documentation text.

Files scanned: 2
Lines analyzed: 361
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude

Audit version 4

Safe

Jan 16, 2026, 03:50 PM

Pure documentation skill containing only YAML frontmatter and markdown guidance for development workflow. No executable code, scripts, network calls, filesystem access, or command execution capabilities. All 15 static findings are false positives from pattern-matching on benign documentation text.

Files scanned: 2
Lines analyzed: 361
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude

Audit version 3

Safe

Jan 10, 2026, 09:51 AM

Pure documentation skill with no executable code. Contains only YAML frontmatter and markdown guidance for development workflow. No scripts, network calls, filesystem access, or command execution capabilities.

Files scanned: 1
Lines analyzed: 184
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude

Audit version 2

Safe

Jan 10, 2026, 09:51 AM

Pure documentation skill with no executable code. Contains only YAML frontmatter and markdown guidance for development workflow. No scripts, network calls, filesystem access, or command execution capabilities.

Files scanned: 1
Lines analyzed: 184
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude

Audit version 1

Safe

Jan 10, 2026, 09:51 AM

Pure documentation skill with no executable code. Contains only YAML frontmatter and markdown guidance for development workflow. No scripts, network calls, filesystem access, or command execution capabilities.

Files scanned: 1
Lines analyzed: 184
Review items: 0
False positives ignored: 0
No security issues found
Audited by: claude