Audit history

spec-kit-claude-code-workflow - 6 audits

Audit version 6

Latest Safe

Jun 28, 2026, 03:57 AM

Static analysis reported six possible issues, but all reviewed locations are prose in SKILL.md. No executable code, network activity, system reconnaissance, weak cryptography use, data exfiltration, or prompt injection attempt was found.

Files scanned: 1
Lines analyzed: 184
Review items: 3
False positives ignored: 0

Confirmed security concerns (3)

Low
False Positive: Weak Cryptography Pattern
The static hits occur in descriptive workflow text, not in cryptographic code. Line 7 describes the skill, and line 45 discusses folder-specific rule overrides.
The referenced lines contain natural-language documentation only. I found no algorithm names, crypto libraries, key handling, or encryption implementation.
Low
False Positive: System Reconnaissance Pattern
The static hits refer to rapid prototyping and rapid specification changes. They do not instruct collection of host, user, process, or environment information.
Both locations are workflow guidance sentences. I found no command usage, filesystem probing, environment access, or inventory collection.
Low
False Positive: Network Reconnaissance Pattern
The static hits discuss feedback mechanisms and workflow monitoring. They do not contain network scanning, connection testing, or external endpoint access.
The relevant text is conceptual process guidance. I found no URLs, sockets, port scans, ping commands, or network libraries.
Auditor: codex

Audit version 5

Safe

Jan 16, 2026, 03:50 PM

Pure documentation skill containing only YAML frontmatter and markdown guidance for development workflow. No executable code, scripts, network calls, filesystem access, or command execution capabilities. All 15 static findings are false positives from pattern-matching on benign documentation text.

Files scanned: 2
Lines analyzed: 361
Review items: 0
False positives ignored: 0
No security issues found
Auditor: claude

Audit version 4

Safe

Jan 16, 2026, 03:50 PM

Pure documentation skill containing only YAML frontmatter and markdown guidance for development workflow. No executable code, scripts, network calls, filesystem access, or command execution capabilities. All 15 static findings are false positives from pattern-matching on benign documentation text.

Files scanned: 2
Lines analyzed: 361
Review items: 0
False positives ignored: 0
No security issues found
Auditor: claude

Audit version 3

Safe

Jan 10, 2026, 09:51 AM

Pure documentation skill with no executable code. Contains only YAML frontmatter and markdown guidance for development workflow. No scripts, network calls, filesystem access, or command execution capabilities.

Files scanned: 1
Lines analyzed: 184
Review items: 0
False positives ignored: 0
No security issues found
Auditor: claude

Audit version 2

Safe

Jan 10, 2026, 09:51 AM

Pure documentation skill with no executable code. Contains only YAML frontmatter and markdown guidance for development workflow. No scripts, network calls, filesystem access, or command execution capabilities.

Files scanned: 1
Lines analyzed: 184
Review items: 0
False positives ignored: 0
No security issues found
Auditor: claude

Audit version 1

Safe

Jan 10, 2026, 09:51 AM

Pure documentation skill with no executable code. Contains only YAML frontmatter and markdown guidance for development workflow. No scripts, network calls, filesystem access, or command execution capabilities.

Files scanned: 1
Lines analyzed: 184
Review items: 0
False positives ignored: 0
No security issues found
Auditor: claude