Навыки coercion-duress История аудитов
📦

История аудитов

coercion-duress - 7 аудиты

Версия аудита 7

Последняя Высокий риск

Jun 28, 2026, 04:46 AM

Static command, PowerShell, sensitive-data, weak-crypto, and reconnaissance detections were mostly Markdown or keyword false positives in SKILL.md, not executable source code. However, the skill contains a high-risk instruction to treat a system_instructions block from task JSON as hard constraints, which can let untrusted task data override the agent. The skill also instructs agents to run local workflow scripts that can write, append, flag, or move evidence files, so publication should require remediation and sandbox guidance.

1
Просканировано файлов
161
Проанализировано строк
7
находки
codex
Проверено

Проблемы высокого риска (1)

SKILL.md:20
Prompt Injection Through Delegated System Instructions
SKILL.md tells the agent to follow a system_instructions block injected into every JSON task file as hard constraints. Task JSON is untrusted input, so this delegates instruction authority to data that may contain malicious prompt injection or policy override text.
Проблемы среднего риска (1)
SKILL.md:35-44SKILL.md:123-139
Local Workflow Commands Can Mutate Files
The skill instructs agents to run local Python workflow commands that submit analyses, append refined evidence, flag tasks, and move source files into an OCR pipeline. These commands may be legitimate for the project, but a marketplace skill should require explicit user approval and sandboxed paths before running them.
Проблемы низкого риска (2)
SKILL.md:7-10SKILL.md:30-44SKILL.md:62-63SKILL.md:94-121SKILL.md:124-145
Static External Command Findings Are Mostly Documentation
The many Ruby or shell backtick detections are Markdown inline code and fenced command examples, not Ruby source or automatic shell execution. They are false positives as direct code-execution findings, while still showing that the skill asks agents to run local workflow commands.
SKILL.md:3SKILL.md:20SKILL.md:48SKILL.md:76SKILL.md:119-120SKILL.md:134-139SKILL.md:155
Static Sensitive, Crypto, and Reconnaissance Findings Are False Positives
The Windows SAM, weak cryptography, system reconnaissance, and network reconnaissance alerts do not correspond to those behaviors in the cited lines. The cited text discusses task metadata, legal review language, checklist fields, and flag-task commands, with no SAM database access, crypto algorithm use, or network scanning.

Факторы риска

⚙️ Внешние команды (3)
SKILL.md:8-10 SKILL.md:35-44 SKILL.md:123-139
⚡ Содержит скрипты (3)
SKILL.md:10 SKILL.md:35-44 SKILL.md:123-139
📁 Доступ к файловой системе (4)
SKILL.md:62 SKILL.md:127-128 SKILL.md:132-139 SKILL.md:144-148

Обнаруженные паттерны

Untrusted Instruction DelegationAgent-Directed Local Script Execution

Версия аудита 6

Безопасно

Jan 21, 2026, 02:50 PM

Static scanner flagged patterns related to external commands and file operations. Evaluation confirms these are legitimate document processing workflows. No malicious intent found. The skill runs hardcoded Python scripts for fetching, analyzing, and submitting legal document analysis tasks. All commands are predefined workflow operations with no user input injection risk.

2
Просканировано файлов
965
Проанализировано строк
2
находки
claude
Проверено
Проблем безопасности не найдено

Факторы риска

⚡ Содержит скрипты (4)
SKILL.md:35-36 SKILL.md:124-125 SKILL.md:133-134 SKILL.md:138-139
📁 Доступ к файловой системе (2)
SKILL.md:40-43 SKILL.md:62-91

Версия аудита 5

Средний риск

Jan 16, 2026, 03:15 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

2
Просканировано файлов
372
Проанализировано строк
1
находки
claude
Проверено
Проблем безопасности не найдено

Факторы риска

⚙️ Внешние команды (53)
SKILL.md:7 SKILL.md:8 SKILL.md:8 SKILL.md:10 SKILL.md:10 SKILL.md:10 SKILL.md:20 SKILL.md:30 SKILL.md:31 SKILL.md:35-37 SKILL.md:37-40 SKILL.md:40-42 SKILL.md:42-44 SKILL.md:44-62 SKILL.md:62 SKILL.md:62-63 SKILL.md:63-94 SKILL.md:94 SKILL.md:94 SKILL.md:94-97 SKILL.md:97-99 SKILL.md:99-102 SKILL.md:102-104 SKILL.md:104-109 SKILL.md:109-112 SKILL.md:112 SKILL.md:112-119 SKILL.md:119 SKILL.md:119 SKILL.md:119-120 SKILL.md:120 SKILL.md:120-121 SKILL.md:121-124 SKILL.md:124-126 SKILL.md:126-127 SKILL.md:127-128 SKILL.md:128 SKILL.md:128-132 SKILL.md:132-133 SKILL.md:133-135 SKILL.md:135-137 SKILL.md:137-138 SKILL.md:138-140 SKILL.md:140-143 SKILL.md:143 SKILL.md:143-144 SKILL.md:144-145 SKILL.md:145 SKILL.md:35 SKILL.md:42 SKILL.md:124 SKILL.md:133 SKILL.md:138

Обнаруженные паттерны

Weak cryptographic algorithmSystem reconnaissanceRuby/shell backtick executionPowerShell invocationWindows SAM databaseNetwork reconnaissance[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network

Версия аудита 4

Средний риск

Jan 16, 2026, 03:15 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

2
Просканировано файлов
372
Проанализировано строк
1
находки
claude
Проверено
Проблем безопасности не найдено

Факторы риска

⚙️ Внешние команды (53)
SKILL.md:7 SKILL.md:8 SKILL.md:8 SKILL.md:10 SKILL.md:10 SKILL.md:10 SKILL.md:20 SKILL.md:30 SKILL.md:31 SKILL.md:35-37 SKILL.md:37-40 SKILL.md:40-42 SKILL.md:42-44 SKILL.md:44-62 SKILL.md:62 SKILL.md:62-63 SKILL.md:63-94 SKILL.md:94 SKILL.md:94 SKILL.md:94-97 SKILL.md:97-99 SKILL.md:99-102 SKILL.md:102-104 SKILL.md:104-109 SKILL.md:109-112 SKILL.md:112 SKILL.md:112-119 SKILL.md:119 SKILL.md:119 SKILL.md:119-120 SKILL.md:120 SKILL.md:120-121 SKILL.md:121-124 SKILL.md:124-126 SKILL.md:126-127 SKILL.md:127-128 SKILL.md:128 SKILL.md:128-132 SKILL.md:132-133 SKILL.md:133-135 SKILL.md:135-137 SKILL.md:137-138 SKILL.md:138-140 SKILL.md:140-143 SKILL.md:143 SKILL.md:143-144 SKILL.md:144-145 SKILL.md:145 SKILL.md:35 SKILL.md:42 SKILL.md:124 SKILL.md:133 SKILL.md:138

Обнаруженные паттерны

Weak cryptographic algorithmSystem reconnaissanceRuby/shell backtick executionPowerShell invocationWindows SAM databaseNetwork reconnaissance[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network

Версия аудита 3

Безопасно

Jan 10, 2026, 09:37 AM

Prompt-only skill containing AI instructions for document analysis. No executable code, no direct filesystem access, no network calls. External scripts referenced but not included. Pure instruction-based workflow for legal document processing.

1
Просканировано файлов
161
Проанализировано строк
2
находки
claude
Проверено
Проблем безопасности не найдено

Факторы риска

⚡ Содержит скрипты (2)
SKILL.md:36 SKILL.md:124
📁 Доступ к файловой системе (2)
SKILL.md:62 SKILL.md:127

Версия аудита 2

Безопасно

Jan 10, 2026, 09:37 AM

Prompt-only skill containing AI instructions for document analysis. No executable code, no direct filesystem access, no network calls. External scripts referenced but not included. Pure instruction-based workflow for legal document processing.

1
Просканировано файлов
161
Проанализировано строк
2
находки
claude
Проверено
Проблем безопасности не найдено

Факторы риска

⚡ Содержит скрипты (2)
SKILL.md:36 SKILL.md:124
📁 Доступ к файловой системе (2)
SKILL.md:62 SKILL.md:127

Версия аудита 1

Безопасно

Jan 10, 2026, 09:37 AM

Prompt-only skill containing AI instructions for document analysis. No executable code, no direct filesystem access, no network calls. External scripts referenced but not included. Pure instruction-based workflow for legal document processing.

1
Просканировано файлов
161
Проанализировано строк
2
находки
claude
Проверено
Проблем безопасности не найдено

Факторы риска

⚡ Содержит скрипты (2)
SKILL.md:36 SKILL.md:124
📁 Доступ к файловой системе (2)
SKILL.md:62 SKILL.md:127
← Назад к навыку