Audit history

extend-signal-schema - 6 audits

Audit version 6

Latest Safe

Jun 28, 2026, 06:01 AM

Static analysis reported many high-risk patterns, but review found they are false positives caused by Markdown inline code, documentation examples, and ordinary words such as description. The skill is a procedural guide for schema changes and contains no executable script, no prompt injection attempt, no credential handling, and no data exfiltration behavior.

1
Files scanned
376
Lines analyzed
0
Review items
3
False positives ignored
Static false positives ignored (3)

These static matches were dismissed by semantic review or matched schema-only tokens, so they are shown for transparency but do not drive the quality score.

Low
False Positive: Markdown Backtick Text Flagged as Command Execution
Static analysis flagged many inline Markdown backtick spans as Ruby or shell backtick execution. These lines document filenames, schema fields, and example commands inside SKILL.md; they are not executable code and do not create command injection risk.
The reviewed locations are Markdown documentation references and examples, not Ruby source or shell execution contexts. No executable file or runtime command wrapper is present in the skill.
Low
False Positive: Weak Cryptography Pattern From Plain Text
Static analysis flagged weak cryptography at lines containing prose such as frontmatter description and summary text. No hash, cipher, encryption library, or cryptographic operation appears in the reviewed SKILL.md context.
The flagged text is ordinary documentation, mainly words containing weak pattern substrings. There is no code path that performs cryptography or selects an unsafe algorithm.
Low
False Positive: Reconnaissance Terms Are Repository Guidance
Static analysis flagged system and network reconnaissance patterns, but the cited lines instruct the user to read governance files, inspect target schemas, avoid nondeterminism, or avoid external APIs. The skill does not collect host, network, or environment information.
The cited material is bounded repository workflow guidance and example output text. I found no commands or instructions for network scanning, host profiling, or exfiltration.
No security issues found
Auditor: codex

Audit version 5

Safe

Jan 16, 2026, 03:04 PM

All 109 static findings are false positives from pattern matching against documentation and metadata files. The skill contains no executable code, only markdown documentation (SKILL.md) and JSON metadata (). All detected patterns are backtick-wrapped code examples in documentation or JSON string values describing the skill's functionality.

2
Files scanned
558
Lines analyzed
1
Review items
0
False positives ignored
Auditor: claude

Audit version 4

Safe

Jan 16, 2026, 03:04 PM

All 109 static findings are false positives from pattern matching against documentation and metadata files. The skill contains no executable code, only markdown documentation (SKILL.md) and JSON metadata (). All detected patterns are backtick-wrapped code examples in documentation or JSON string values describing the skill's functionality.

2
Files scanned
558
Lines analyzed
1
Review items
0
False positives ignored
Auditor: claude

Audit version 3

Safe

Jan 10, 2026, 09:42 AM

Pure prompt-based skill consisting only of documentation. No executable code, scripts, network calls, filesystem access, or command execution. The skill provides guidelines for schema extension with explicit safety boundaries and hard prohibitions against dangerous operations.

1
Files scanned
376
Lines analyzed
0
Review items
0
False positives ignored
No security issues found
Auditor: claude

Audit version 2

Safe

Jan 10, 2026, 09:42 AM

Pure prompt-based skill consisting only of documentation. No executable code, scripts, network calls, filesystem access, or command execution. The skill provides guidelines for schema extension with explicit safety boundaries and hard prohibitions against dangerous operations.

1
Files scanned
376
Lines analyzed
0
Review items
0
False positives ignored
No security issues found
Auditor: claude

Audit version 1

Safe

Jan 10, 2026, 09:42 AM

Pure prompt-based skill consisting only of documentation. No executable code, scripts, network calls, filesystem access, or command execution. The skill provides guidelines for schema extension with explicit safety boundaries and hard prohibitions against dangerous operations.

1
Files scanned
376
Lines analyzed
0
Review items
0
False positives ignored
No security issues found
Auditor: claude