История аудитов
manager-planner - 7 аудиты
Версия аудита 7
Последняя Средний рискJun 28, 2026, 03:51 AM
The static analyzer flagged many Markdown backticks as Ruby or shell execution, and those are mostly false positives. Human review confirmed that the skill does instruct agents to run repository-local Python utilities and cleanup commands, so it carries a legitimate external-command risk but no evidence of malicious intent.
Confirmed security concerns (2)
Capability review items (1)
These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.
Факторы риска
⚙️ Внешние команды (5)
Обнаруженные паттерны
Версия аудита 6
Низкий рискJan 21, 2026, 02:57 PM
All static findings are false positives. The skill is a legitimate workflow orchestration system for document processing. Scanner flagged SHA256 hashes as C2/weak crypto (they are secure hashes for file integrity), and documentation code examples in SKILL.md as command execution (they are markdown references, not code). No malicious patterns confirmed.
Факторы риска
⚙️ Внешние команды (1)
⚡ Содержит скрипты (1)
Версия аудита 5
Средний риск Audit incompleteJan 16, 2026, 03:32 PM
AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.
This audit did not complete successfully. The quality score is capped until a successful audit is available.
Факторы риска
⚙️ Внешние команды (42)
Обнаруженные паттерны
Версия аудита 4
Средний риск Audit incompleteJan 16, 2026, 03:32 PM
AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.
This audit did not complete successfully. The quality score is capped until a successful audit is available.
Факторы риска
⚙️ Внешние команды (42)
Обнаруженные паттерны
Версия аудита 3
Низкий рискJan 10, 2026, 09:40 AM
Prompt-based orchestration skill with no executable code. References internal Python scripts for system health checks, but these are part of the managed system's own tooling. No network calls, credential access, or suspicious behavior detected. Legitimate agent coordination tool.
Capability review items (2)
These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.
Факторы риска
⚡ Содержит скрипты (3)
📁 Доступ к файловой системе (3)
Версия аудита 2
Низкий рискJan 10, 2026, 09:40 AM
Prompt-based orchestration skill with no executable code. References internal Python scripts for system health checks, but these are part of the managed system's own tooling. No network calls, credential access, or suspicious behavior detected. Legitimate agent coordination tool.
Capability review items (2)
These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.
Факторы риска
⚡ Содержит скрипты (3)
📁 Доступ к файловой системе (3)
Версия аудита 1
Низкий рискJan 10, 2026, 09:40 AM
Prompt-based orchestration skill with no executable code. References internal Python scripts for system health checks, but these are part of the managed system's own tooling. No network calls, credential access, or suspicious behavior detected. Legitimate agent coordination tool.
Capability review items (2)
These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.