📦
監査履歴
motion-graphics - 2 監査
監査バージョン 2
最新 中リスクJun 30, 2026, 02:20 AM
Static analysis reported many command, network, filesystem, and environment findings. Most Markdown backtick and weak-cryptography alerts are false positives from documentation, examples, and animation terms, but two helper scripts do execute local tools and can contact third-party services. No prompt injection attempt or confirmed malicious intent was found, but publication should include warnings for script execution, external asset fetching, and optional image upload to a Google API.
23
スキャンされたファイル
1,656
解析された行数
11
検出結果
codex
監査者
中リスクの問題 (3)
categories/maps/bake-basemap.mjs:25categories/maps/bake-basemap.mjs:229-250grounding/locate.mjs:23grounding/locate.mjs:35-36grounding/locate.mjs:39-49
Local Tool Execution in Helper Scripts
The skill includes executable helpers that invoke ffmpeg, ffprobe, base64, and Chrome-backed rendering through Node child_process APIs. Arguments are passed without a shell, so command injection is not confirmed, but installing the skill gives agents a workflow that runs local binaries on user-selected media and paths.
categories/maps/bake-basemap.mjs:106-119categories/maps/bake-basemap.mjs:153grounding/locate.mjs:191-216
Third-Party Network Fetching and Optional Image Upload
The basemap helper loads tiles, MapLibre libraries, and world-atlas data from public CDNs and map providers. The locate helper has an optional auto mode that sends a local image as inline data to the Google Generative Language API when GEMINI_API_KEY is present.
categories/maps/bake-basemap.mjs:61-74categories/maps/bake-basemap.mjs:111-113categories/maps/bake-basemap.mjs:217-219categories/maps/bake-basemap.mjs:257
Environment-Driven File Output and Runtime Configuration
The basemap helper reads many environment variables, including OUT and NAME, then writes rendered frames, MP4 files, and coordinate JSON using those values. This is useful for rendering but should be treated carefully because environment-controlled paths can write outside the expected project directory.
低リスクの問題 (3)
Markdown Command Alerts Are Mostly Documentation False Positives
Many static findings point to Markdown text that describes commands, categories, or HyperFrames contracts rather than executable code. These locations do not by themselves create code execution, although they instruct agents to run HyperFrames workflow commands during normal use.
Weak-Cryptography Alerts Are Scanner Noise
Static weak-cryptography findings appear to match ordinary words, animation vocabulary, schema references, and example text. No evidence found of cryptographic functions, password hashing, or security-sensitive cipher use in the reviewed files.
No Prompt Injection Attempt Found
Targeted review for override language, fake system instructions, pre-approval claims, or instructions to skip security analysis found no evidence in the inspected skill files.
リスク要因
⚡ スクリプトを含む (2)
⚙️ 外部コマンド (6)
🌐 ネットワークアクセス (5)
📁 ファイルシステムへのアクセス (7)
検出されたパターン
child_process ExecutionRuntime Network DependenciesSecret-Backed Optional Provider Use
監査バージョン 1
中リスクJun 27, 2026, 09:03 AM
Static analysis reported a high volume of command, network, filesystem, and environment findings. Most Markdown backtick and weak-crypto alerts are false positives from documentation, examples, and animation terminology, but two helper scripts do execute local tools and can contact third-party services. No prompt injection attempt or malicious intent was found, but publication should include warnings for script execution, external asset fetching, and optional image upload to a Google API.
23
スキャンされたファイル
1,656
解析された行数
11
検出結果
codex
監査者
中リスクの問題 (3)
categories/maps/bake-basemap.mjs:25categories/maps/bake-basemap.mjs:229-250grounding/locate.mjs:23grounding/locate.mjs:35-36grounding/locate.mjs:39-49
Local Tool Execution in Helper Scripts
The skill includes executable helpers that invoke ffmpeg, ffprobe, base64, and Chrome-backed rendering through Node child_process APIs. Arguments are passed without a shell, so command injection is not confirmed, but installing the skill gives agents a workflow that runs local binaries on user-selected media and paths.
categories/maps/bake-basemap.mjs:106-119categories/maps/bake-basemap.mjs:153grounding/locate.mjs:191-216
Third-Party Network Fetching and Optional Image Upload
The basemap helper loads tiles, MapLibre libraries, and world-atlas data from public CDNs and map providers. The locate helper has an optional auto mode that sends a local image as inline data to the Google Generative Language API when GEMINI_API_KEY is present.
categories/maps/bake-basemap.mjs:61-74categories/maps/bake-basemap.mjs:111-113categories/maps/bake-basemap.mjs:217-219categories/maps/bake-basemap.mjs:257
Environment-Driven File Output and Runtime Configuration
The basemap helper reads many environment variables, including OUT and NAME, then writes rendered frames, MP4 files, and coordinate JSON using those values. This is useful for rendering but should be treated carefully because environment-controlled paths can write outside the expected project directory.
低リスクの問題 (3)
Markdown Command Alerts Are Mostly Documentation False Positives
Many static findings point to Markdown text that describes commands, categories, or HyperFrames contracts rather than executable code. These locations do not by themselves create code execution, although they instruct agents to run HyperFrames workflow commands during normal use.
Weak-Cryptography Alerts Are Scanner Noise
Static weak-cryptography findings appear to match ordinary words, animation vocabulary, schema references, and example text. No evidence found of cryptographic functions, password hashing, or security-sensitive cipher use in the reviewed files.
No Prompt Injection Attempt Found
Targeted review for override language, fake system instructions, pre-approval claims, or instructions to skip security analysis found no evidence in the inspected skill files.
リスク要因
⚡ スクリプトを含む (2)
⚙️ 外部コマンド (6)
🌐 ネットワークアクセス (5)
📁 ファイルシステムへのアクセス (7)
検出されたパターン
child_process ExecutionRuntime Network DependenciesSecret-Backed Optional Provider Use