Habilidades building-agent-tools Histórico de auditoria
📦

Histórico de auditoria

building-agent-tools - 6 auditorias

Versão da auditoria 6

Mais recente Baixo Risco

Jun 28, 2026, 06:02 PM

Static analysis reported external command, weak cryptography, and reconnaissance patterns, but review found only Markdown prose and inline identifiers. No executable code, prompt injection attempt, network access, filesystem access, or credential handling was found in SKILL.md.

1
Arquivos analisados
81
Linhas analisadas
3
achados
codex
Auditado por
Problemas de Baixo Risco (3)
False positive: inline Markdown examples flagged as shell execution
Verdict: FALSE_POSITIVE. The flagged backtick text is Markdown inline code showing tool names and schema field names, not Ruby or shell execution.
False positive: prose flagged as weak cryptography
Verdict: FALSE_POSITIVE. The flagged lines discuss agent tool design, descriptions, namespacing, and response formats, with no cryptographic algorithm or crypto API usage.
False positive: design guidance flagged as system reconnaissance
Verdict: FALSE_POSITIVE. The flagged lines advise against poor tool design and recommend documenting parameter constraints. They do not collect system information.

Versão da auditoria 5

Seguro

Jan 16, 2026, 07:21 PM

Pure documentation skill containing only markdown guidance for designing AI agent tools. No executable code, no file system access, no network calls, no command execution. All 50 static findings are false positives triggered by pattern matching on documentation text without semantic understanding.

2
Arquivos analisados
258
Linhas analisadas
1
achados
claude
Auditado por
Nenhum problema de segurança encontrado

Versão da auditoria 4

Seguro

Jan 16, 2026, 07:21 PM

Pure documentation skill containing only markdown guidance for designing AI agent tools. No executable code, no file system access, no network calls, no command execution. All 50 static findings are false positives triggered by pattern matching on documentation text without semantic understanding.

2
Arquivos analisados
258
Linhas analisadas
1
achados
claude
Auditado por
Nenhum problema de segurança encontrado

Versão da auditoria 3

Seguro

Jan 10, 2026, 11:42 AM

Pure documentation skill containing only markdown guidance for designing AI agent tools. No executable code, no file system access, no network calls, no command execution. This is instructional content only.

1
Arquivos analisados
81
Linhas analisadas
0
achados
claude
Auditado por
Nenhum problema de segurança encontrado

Versão da auditoria 2

Seguro

Jan 10, 2026, 11:42 AM

Pure documentation skill containing only markdown guidance for designing AI agent tools. No executable code, no file system access, no network calls, no command execution. This is instructional content only.

1
Arquivos analisados
81
Linhas analisadas
0
achados
claude
Auditado por
Nenhum problema de segurança encontrado

Versão da auditoria 1

Seguro

Jan 10, 2026, 11:42 AM

Pure documentation skill containing only markdown guidance for designing AI agent tools. No executable code, no file system access, no network calls, no command execution. This is instructional content only.

1
Arquivos analisados
81
Linhas analisadas
0
achados
claude
Auditado por
Nenhum problema de segurança encontrado