監査履歴
prototype-to-production - 6 監査
監査バージョン 6
最新 低リスクJun 28, 2026, 10:15 AM
Static analysis reported command execution, network, weak cryptography, credential, and combined-risk patterns, but review found these are documentation and template false positives. The skill contains Markdown examples, SVG namespace URLs, and design token wording, with no evidence of real shell execution, external requests, secret access, weak crypto use, or prompt injection. Publication is reasonable with a low-risk filesystem warning because the workflow reads project files and generates component files.
低リスクの問題 (4)
リスク要因
📁 ファイルシステムへのアクセス (3)
監査バージョン 5
安全Jan 16, 2026, 04:58 PM
Pure documentation skill with no executable code. Static findings are false positives caused by the scanner misinterpreting React/TypeScript syntax (className, onClick) as shell commands and cryptographic patterns. No scripts, network calls, or credential access exist in this skill.
リスク要因
⚙️ 外部コマンド (141)
監査バージョン 4
安全Jan 16, 2026, 04:58 PM
Pure documentation skill with no executable code. Static findings are false positives caused by the scanner misinterpreting React/TypeScript syntax (className, onClick) as shell commands and cryptographic patterns. No scripts, network calls, or credential access exist in this skill.
リスク要因
⚙️ 外部コマンド (141)
監査バージョン 3
安全Jan 10, 2026, 10:42 AM
Pure prompt-based knowledge skill containing only documentation and code templates. No executable scripts, network calls, file system access, or code execution capabilities. All content is static reference material for converting HTML prototypes to React components.
監査バージョン 2
安全Jan 10, 2026, 10:42 AM
Pure prompt-based knowledge skill containing only documentation and code templates. No executable scripts, network calls, file system access, or code execution capabilities. All content is static reference material for converting HTML prototypes to React components.
監査バージョン 1
安全Jan 10, 2026, 10:42 AM
Pure prompt-based knowledge skill containing only documentation and code templates. No executable scripts, network calls, file system access, or code execution capabilities. All content is static reference material for converting HTML prototypes to React components.