📦

Audit History

backlink-analyzer - 2 audits

Audit version 2

Latest Low Risk

Jun 27, 2026, 06:48 PM

Static analysis reported many high-risk patterns, but review found them in Markdown examples, SEO terminology, example URLs, and relative documentation links. No executable scripts, hidden network requests, credential access, data exfiltration, or prompt injection attempts were found in the reviewed files.

3
Files scanned
1,468
Lines analyzed
7
findings
codex
Audited by
Low Risk Issues (4)
Markdown Examples Misclassified as Shell Execution
The external command alerts are Markdown code fences and output templates. They show user prompts and report formats, not executable shell commands or Ruby backticks.
Example URLs Misclassified as Network Activity
The hardcoded URLs are examples in backlink and disavow documentation. They are not used by code to fetch, post, or transmit data.
Relative Reference Links Misclassified as Path Traversal
The path traversal alerts are relative Markdown links to connector documentation and related skills. They do not read files or access arbitrary paths.

Audit version 1

Safe

Feb 12, 2026, 08:56 AM

Static analysis detected 78 potential security issues across 3 files (1468 lines). After comprehensive evaluation, all findings are confirmed false positives. The detected patterns are markdown code blocks showing example commands, documentation URLs, SEO metric abbreviations (DR/DA), and relative file path references in documentation. This is a legitimate SEO analysis skill with no executable code, making it safe for marketplace publication.

3
Files scanned
1,468
Lines analyzed
6
findings
claude
Audited by
Low Risk Issues (3)
Markdown Code Blocks Flagged as External Commands
Static scanner flagged 32 instances of Ruby/shell backtick execution patterns. These are markdown code block delimiters (```) used for formatting documentation examples, not actual code execution. Found in SKILL.md and reference documentation showing bash command examples and email templates.
Documentation URLs Flagged as Network Calls
Static scanner flagged 3 instances of hardcoded URLs as network security risks. These are example URLs in markdown documentation (e.g., spam-site.com in disavow file examples) and relative file path references, not actual network requests.
Relative File Paths Flagged as Path Traversal
Static scanner flagged 12 instances of path traversal sequences (../). These are relative file path references in markdown documentation linking to other skill files (e.g., ../../CONNECTORS.md), not malicious path traversal attacks.