
Audit history

commit-drafter - 6 audits

Audit version 6

Latest: Medium risk

Jun 28, 2026, 04:12 AM

Static external-command findings are confirmed as intentional Git usage with fixed argument lists, not shell injection. The weak-cryptography findings are false positives on prose and AI instruction text. A medium risk remains because full staged diff content is placed into the model context, where malicious diff text could influence the drafted message.

Files scanned: 2
Lines analyzed: 368
Review items: 2
False positives ignored: 2

Confirmed security concerns (1)

Untrusted Diff Content Enters AI Prompt
The script retrieves the full staged diff and places it directly before instructions for the AI. A staged file can contain adversarial text that influences the generated commit message, although the script does not execute that text.
The code clearly inserts full_diff into the output consumed by the AI. The risk depends on repository content, so this is a prompt-context concern rather than confirmed malicious behavior.
Static false positives ignored (2)

These static matches were dismissed by semantic review or matched schema-only tokens, so they are shown for transparency but do not drive the quality score.

Fixed Git Subprocess Usage
The subprocess.run finding is real command execution, but it invokes git with list arguments and no shell. The observed calls use fixed Git subcommands needed for the skill purpose, so command injection evidence was not found.
The subprocess call uses argv form rather than shell parsing, and the command lists are constructed by local functions. The SKILL.md hit is prose that mentions git diff, not an executable instruction by itself.
Weak Cryptography Static Findings Are False Positives
The reported weak-cryptography locations contain skill description text, Claude references, and commit-message instructions. No cryptographic algorithm, hashing operation, or encryption code is present at those locations.
Line review shows ordinary prose and generated-message instructions at every reported location. There is no evidence of MD5, SHA1, DES, RC4, or related weak cryptographic use.

Risk factors

⚙️ External commands (2)

Detected patterns

External Git Command Execution
Full Diff Included In Model Context
Auditor: codex

Audit version 5

Safe

Jan 16, 2026, 02:45 PM

This skill is a legitimate git utility. Static scanner found 20 patterns but ALL are false positives. The scanner misidentified Markdown backticks as shell execution, JSON text as cryptographic algorithms, and a source URL as a network vulnerability. The code only runs hardcoded read-only git commands (status, diff, rev-parse) with argument lists and timeouts.

Files scanned: 3
Lines analyzed: 589
Review items: 2
False positives ignored: 0

Risk factors

⚙️ External commands (1)
📁 File system access (1)
Auditor: claude

Audit version 4

Safe

Jan 16, 2026, 02:45 PM

This skill is a legitimate git utility. Static scanner found 20 patterns but ALL are false positives. The scanner misidentified Markdown backticks as shell execution, JSON text as cryptographic algorithms, and a source URL as a network vulnerability. The code only runs hardcoded read-only git commands (status, diff, rev-parse) with argument lists and timeouts.

Files scanned: 3
Lines analyzed: 589
Review items: 2
False positives ignored: 0

Risk factors

⚙️ External commands (1)
📁 File system access (1)
Auditor: claude

Audit version 3

Low risk

Jan 10, 2026, 09:52 AM

This skill is a legitimate git utility that analyzes staged changes to help draft commit messages. It uses subprocess to run read-only git commands (status, diff, rev-parse) with hardcoded arguments. No network calls, no arbitrary command execution, no file access outside the git repository.

Files scanned: 2
Lines analyzed: 368
Review items: 2
False positives ignored: 0

Risk factors

⚙️ External commands (1)
📁 File system access (3)
Auditor: claude

Audit version 2

Low risk

Jan 10, 2026, 09:52 AM

This skill is a legitimate git utility that analyzes staged changes to help draft commit messages. It uses subprocess to run read-only git commands (status, diff, rev-parse) with hardcoded arguments. No network calls, no arbitrary command execution, no file access outside the git repository.

Files scanned: 2
Lines analyzed: 368
Review items: 2
False positives ignored: 0

Risk factors

⚙️ External commands (1)
📁 File system access (3)
Auditor: claude

Audit version 1

Low risk

Jan 10, 2026, 09:52 AM

This skill is a legitimate git utility that analyzes staged changes to help draft commit messages. It uses subprocess to run read-only git commands (status, diff, rev-parse) with hardcoded arguments. No network calls, no arbitrary command execution, no file access outside the git repository.

Files scanned: 2
Lines analyzed: 368
Review items: 2
False positives ignored: 0

Risk factors

⚙️ External commands (1)
📁 File system access (3)
Auditor: claude