Audit history

large-report-editor - 7 audits

Audit version 7

Latest | Low risk

Jun 28, 2026, 03:48 AM

The three external command findings are false positives caused by Markdown inline code around file paths on lines 7, 8, and 10. The weak cryptography finding is also a false positive because line 3 uses descriptive report-editing language, not a cryptographic algorithm. The skill does involve local file editing workflows, so it carries normal filesystem caution but no confirmed malicious behavior.

Files scanned: 1
Lines analyzed: 11
Review items: 3
False positives ignored: 0

Confirmed security concerns (1)

Low
False Positive: Descriptive Text Flagged As Weak Cryptography
Line 3 contains the phrase legal-grade citation rules in the skill description. It does not reference MD5, SHA-1, DES, RC4, or any weak cryptographic algorithm.
The finding appears to match descriptive wording rather than code or configuration. The reviewed file has no cryptographic operations.
Capability review items (1)

These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.

Low
False Positive: Markdown Inline Paths Flagged As Commands
Lines 7, 8, and 10 use Markdown inline code to reference files and folders. They do not contain Ruby backtick execution, shell execution, or user-controlled command construction.
The flagged text is enclosed in Markdown inline code spans and names local documentation paths. No executable syntax or command invocation appears in the file.

Risk factors

📁 Filesystem access (1)
Auditor: codex

Audit version 6

Safe

Jan 21, 2026, 02:54 PM

Static analysis detected patterns related to URL references, file paths, and markdown formatting that are false positives. The skill is a document editing tool for Markdown research reports with no actual network calls, file system exploitation, or code execution risks. All detected patterns stem from metadata fields and documentation references.

Files scanned: 2
Lines analyzed: 225
Review items: 2
False positives ignored: 2
Static false positives ignored (2)

These static matches were dismissed by semantic review or matched schema-only tokens, so they are shown for transparency but do not drive the quality score.

High
Weak Cryptographic Algorithm (FALSE POSITIVE)
Static analyzer detected patterns interpreted as weak crypto algorithms. Investigation reveals these are false positives caused by documentation strings containing words like 'StableID' that match crypto-related patterns. The skill does not perform any cryptographic operations.
Medium
Ruby/Shell Backtick Execution (FALSE POSITIVE)
Static analyzer detected backtick syntax and flagged as shell execution risk. In context, backticks are used for Markdown code formatting in documentation, not Ruby/shell command execution. No actual backtick operator usage exists in the skill code.

Risk factors

📁 Filesystem access (1)
⚙️ External commands (3)
Auditor: claude

Audit version 5

Medium risk | Audit incomplete

Jan 16, 2026, 03:26 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Manual review required

This audit did not complete successfully. The quality score is capped until a successful audit is available.

Files scanned: 2
Lines analyzed: 187
Review items: 2
False positives ignored: 0

Risk factors

⚙️ External commands (3)

Detected patterns

Weak cryptographic algorithm
Ruby/shell backtick execution
Auditor: claude

Audit version 4

Medium risk | Audit incomplete

Jan 16, 2026, 03:26 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Manual review required

This audit did not complete successfully. The quality score is capped until a successful audit is available.

Files scanned: 2
Lines analyzed: 187
Review items: 2
False positives ignored: 0

Risk factors

⚙️ External commands (3)

Detected patterns

Weak cryptographic algorithm
Ruby/shell backtick execution
Auditor: claude

Audit version 3

Safe

Jan 10, 2026, 09:40 AM

This is a prompt-only skill with no executable code. It contains only YAML frontmatter and markdown instructions for editing large Markdown reports. No network calls, filesystem access, or command execution capabilities.

Files scanned: 1
Lines analyzed: 11
Review items: 0
False positives ignored: 0
No security issues found
Auditor: claude

Audit version 2

Safe

Jan 10, 2026, 09:40 AM

This is a prompt-only skill with no executable code. It contains only YAML frontmatter and markdown instructions for editing large Markdown reports. No network calls, filesystem access, or command execution capabilities.

Files scanned: 1
Lines analyzed: 11
Review items: 0
False positives ignored: 0
No security issues found
Auditor: claude

Audit version 1

Safe

Jan 10, 2026, 09:40 AM

This is a prompt-only skill with no executable code. It contains only YAML frontmatter and markdown instructions for editing large Markdown reports. No network calls, filesystem access, or command execution capabilities.

Files scanned: 1
Lines analyzed: 11
Review items: 0
False positives ignored: 0
No security issues found
Auditor: claude