Audit History

Audit version 6

Latest Low Risk

Jun 28, 2026, 08:15 AM

Static analysis reported external command, weak cryptography, and reconnaissance patterns, but the reviewed locations are Markdown prose or fenced JSON/YAML examples. No executable code, shell command construction, cryptographic implementation, reconnaissance logic, network calls, environment access, or prompt injection text was found. The skill is safe to publish with the static findings dismissed as false positives.

1

Files scanned

255

Lines analyzed

2

findings

codex

Audited by

Low Risk Issues (2)

SKILL.md:40 SKILL.md:53 SKILL.md:67 SKILL.md:69 SKILL.md:72 SKILL.md:82 SKILL.md:87 SKILL.md:97 SKILL.md:100 SKILL.md:106 SKILL.md:109 SKILL.md:115 SKILL.md:118 SKILL.md:129 SKILL.md:168 SKILL.md:186 SKILL.md:204 SKILL.md:217 SKILL.md:225 SKILL.md:239 SKILL.md:247

False Positive: Markdown Examples Misclassified as External Commands

The static analyzer flagged Markdown code fences and example JSON/YAML blocks as Ruby or shell backtick execution. These locations contain documentation examples only; no executable command invocation or command construction is present.

SKILL.md:3 SKILL.md:26 SKILL.md:33 SKILL.md:88 SKILL.md:101 SKILL.md:110 SKILL.md:119 SKILL.md:190

False Positive: Documentation Text Misclassified as Blocker Patterns

The weak cryptography and system reconnaissance alerts point to frontmatter, prose, and JSON examples. No evidence found of hashing, encryption, operating system reconnaissance, filesystem enumeration, network access, or credential handling.

Audit version 5

Safe

Jan 16, 2026, 03:24 PM

This is a pure prompt-based skill with no code execution, file access, or network capabilities. The skill provides only instructions for AI agents to help users validate, format, and fix JSON data. All 41 static findings are false positives caused by keyword-based pattern detection misinterpreting markdown documentation as security threats.

2

Files scanned

429

Lines analyzed

1

findings

claude

Audited by

No security issues found

Audit version 4

Safe

Jan 16, 2026, 03:24 PM

This is a pure prompt-based skill with no code execution, file access, or network capabilities. The skill provides only instructions for AI agents to help users validate, format, and fix JSON data. All 41 static findings are false positives caused by keyword-based pattern detection misinterpreting markdown documentation as security threats.

2

Files scanned

429

Lines analyzed

1

findings

claude

Audited by

No security issues found

Audit version 3

Safe

Jan 10, 2026, 10:16 AM

This is a pure prompt-based skill with no code execution, file access, or network capabilities. The skill provides only instructions for AI agents to help users validate, format, and fix JSON data.

1

Files scanned

255

Lines analyzed

0

findings

claude

Audited by

No security issues found

Audit version 2

Safe

Jan 10, 2026, 10:16 AM

This is a pure prompt-based skill with no code execution, file access, or network capabilities. The skill provides only instructions for AI agents to help users validate, format, and fix JSON data.

1

Files scanned

255

Lines analyzed

0

findings

claude

Audited by

No security issues found

Audit version 1

Safe

Jan 10, 2026, 10:16 AM

This is a pure prompt-based skill with no code execution, file access, or network capabilities. The skill provides only instructions for AI agents to help users validate, format, and fix JSON data.

1

Files scanned

255

Lines analyzed

0

findings

claude

Audited by

No security issues found

Audit version 6

Audit version 5

Risk Factors

Audit version 4

Risk Factors

Audit version 3

Audit version 2

Audit version 1