Habilidades elite-mvp-master Histórico de auditoria
📦

Histórico de auditoria

elite-mvp-master - 6 auditorias

Versão da auditoria 6

Mais recente Baixo Risco

Jun 28, 2026, 08:17 AM

The static analyzer flagged a weak cryptographic algorithm on SKILL.md line 3. Manual review found this is a false positive in descriptive YAML metadata, with no cryptographic code, execution path, or data handling behavior present.

1
Arquivos analisados
52
Linhas analisadas
0
Review items
1
False positives ignored
Static false positives ignored (1)

These static matches were dismissed by semantic review or matched schema-only tokens, so they are shown for transparency but do not drive the quality score.

Baixo
False Positive: Weak Cryptographic Algorithm Match
The static analyzer flagged SKILL.md line 3, but the line is a YAML description for a coding guidance skill. No evidence found of cryptographic operations, executable code, commands, network behavior, or secret handling in the reviewed file.
The finding has very low confidence because the flagged text is plain metadata, not a crypto API or executable instruction. The reviewed file contains no supporting evidence of weak cryptographic usage.
Nenhum problema de segurança encontrado
Auditado por: codex

Versão da auditoria 5

Seguro

Jan 16, 2026, 03:27 PM

Pure prompt-based skill containing only markdown instructions for AI behavior. No executable code, scripts, network calls, filesystem access, or external commands. All 9 static findings are false positives: metadata URLs misinterpreted as exfiltration, React JSX syntax misinterpreted as path traversal, and compliance documentation keywords misinterpreted as cryptographic algorithms.

2
Arquivos analisados
230
Linhas analisadas
0
Review items
0
False positives ignored
Nenhum problema de segurança encontrado
Auditado por: claude

Versão da auditoria 4

Seguro

Jan 16, 2026, 03:27 PM

Pure prompt-based skill containing only markdown instructions for AI behavior. No executable code, scripts, network calls, filesystem access, or external commands. All 9 static findings are false positives: metadata URLs misinterpreted as exfiltration, React JSX syntax misinterpreted as path traversal, and compliance documentation keywords misinterpreted as cryptographic algorithms.

2
Arquivos analisados
230
Linhas analisadas
0
Review items
0
False positives ignored
Nenhum problema de segurança encontrado
Auditado por: claude

Versão da auditoria 3

Seguro

Jan 10, 2026, 09:40 AM

Pure prompt-based skill containing only markdown instructions for AI behavior. No executable code, scripts, network calls, filesystem access, or external commands. Contains only communication standards and development guidelines for construction software development.

1
Arquivos analisados
52
Linhas analisadas
0
Review items
0
False positives ignored
Nenhum problema de segurança encontrado
Auditado por: claude

Versão da auditoria 2

Seguro

Jan 10, 2026, 09:40 AM

Pure prompt-based skill containing only markdown instructions for AI behavior. No executable code, scripts, network calls, filesystem access, or external commands. Contains only communication standards and development guidelines for construction software development.

1
Arquivos analisados
52
Linhas analisadas
0
Review items
0
False positives ignored
Nenhum problema de segurança encontrado
Auditado por: claude

Versão da auditoria 1

Seguro

Jan 10, 2026, 09:40 AM

Pure prompt-based skill containing only markdown instructions for AI behavior. No executable code, scripts, network calls, filesystem access, or external commands. Contains only communication standards and development guidelines for construction software development.

1
Arquivos analisados
52
Linhas analisadas
0
Review items
0
False positives ignored
Nenhum problema de segurança encontrado
Auditado por: claude