Audit history

building-multiagent-systems - 4 audits

Audit version 4

Latest, medium risk

Jun 27, 2026, 04:17 PM

Static analysis reported many high-risk patterns, but review found Markdown architecture guidance and TypeScript-style examples rather than executable scripts or malicious code. The findings are mainly false positives from inline code, schema examples, and illustrative agent snippets. Publish with a warning because the skill discusses shell-capable agents, file access, and self-modifying workflows that require strict permissions in real implementations.

Files scanned: 6
Lines analyzed: 1,067
Review items: 4
False positives ignored: 0
Capability review items (3)

These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.

Medium
Risky Agent Capability Guidance Requires Permission Controls
The skill recommends architectures where agents may coordinate file I/O, shell commands, database access, and self-modifying code workflows. This is not malicious because it appears as instructional Markdown, but real implementations must restrict permissions, validate tool calls, and avoid unsafe rollback commands on user work.
The concern is semantic: the cited text explicitly discusses shell execution permissions and self-modification examples. Confidence is medium because the content is documentation, not executable code.
Low
Static External Command Findings Are Documentation False Positives
The analyzer flagged Markdown backticks and TypeScript examples as Ruby or shell execution. Review found these are inline references, diagrams, and illustrative snippets, with no executable files or package hooks in the skill.
The cited locations are Markdown prose or fenced examples and do not execute during skill loading. The repository contains only Markdown files and the report file.
Low
Static Sensitive File and Weak Crypto Findings Are False Positives
The high and medium alerts for weak cryptography, database files, and certificate or key files resolve to generic words such as schema keys, TypeScript fields, IDs, and database example methods. No evidence found of embedded secrets, real key material, or weak cryptographic implementation.
Manual review found example data structures and method names, not secret files or cryptographic code. The scanner categories do not match the surrounding context.

Risk factors

External commands (66)

Detected patterns

Instructional Examples Include Shell-Enabled Agent Permissions
Auditor: codex

Audit version 3

Safe

Jan 16, 2026, 01:01 PM

Pure documentation skill containing only markdown files with TypeScript pseudocode examples. No executable code, network calls, file system access, or external commands. All 118 static findings are false positives from the scanner misinterpreting documentation context. TypeScript template literals were flagged as shell backticks, and architectural terms triggered cryptographic/reconnaissance heuristics. The skill provides only educational architectural guidance.

Files scanned: 7
Lines analyzed: 1,280
Review items: 1
False positives ignored: 0

Risk factors

External commands (66)
Auditor: claude

Audit version 2

Safe

Jan 16, 2026, 01:01 PM

Pure documentation skill containing only markdown files with TypeScript pseudocode examples. No executable code, network calls, file system access, or external commands. All 118 static findings are false positives from the scanner misinterpreting documentation context. TypeScript template literals were flagged as shell backticks, and architectural terms triggered cryptographic/reconnaissance heuristics. The skill provides only educational architectural guidance.

Files scanned: 7
Lines analyzed: 1,280
Review items: 1
False positives ignored: 0

Risk factors

External commands (66)
Auditor: claude

Audit version 1

Safe

Jan 10, 2026, 09:10 AM

Pure prompt-based skill containing only markdown documentation and TypeScript pseudocode examples. No executable code, network calls, file access, or external commands. The skill provides architectural guidance through educational patterns and best practices.

Files scanned: 6
Lines analyzed: 967
Review items: 0
False positives ignored: 0
No security issues found
Auditor: claude