Skills tunit Audit History
📦

Audit History

tunit - 6 audits

Audit version 6

Latest Medium Risk

Jun 28, 2026, 08:51 AM

Static analysis reported many external command hits plus weak cryptography and network reconnaissance indicators. Manual review found the weak cryptography and network reconnaissance indicators are false positives from Markdown text, while the external commands are legitimate dotnet test examples. Risk is medium because the skill directs agents to execute local test projects, which can run repository code and start Playwright resources.

1
Files scanned
94
Lines analyzed
3
findings
codex
Audited by
Medium Risk Issues (1)
SKILL.md:12-14SKILL.md:20-26SKILL.md:32-54SKILL.md:62-69
External Test Command Execution
The skill gives dotnet run examples for a local TUnit Playwright test project. This is expected for a test-runner skill, but it causes the assistant to execute repository code and may start browsers or a local server.
Low Risk Issues (1)
SKILL.md:3SKILL.md:73SKILL.md:90
Dismissed Static Weak Cryptography and Network Matches
Static analysis flagged weak cryptography at lines 3 and 73 and network reconnaissance at line 90. Manual review found no cryptographic operation or network scanning command in those lines.

Risk Factors

⚙️ External commands (6)
SKILL.md:12-14 SKILL.md:20-26 SKILL.md:32-34 SKILL.md:37-39 SKILL.md:42-54 SKILL.md:62-69

Detected Patterns

Shell Commands in Markdown Instructions

Audit version 5

Safe

Jan 16, 2026, 04:43 PM

Documentation-only skill containing test execution instructions. Contains bash command examples for running TUnit tests with Playwright. No executable code, no network calls, no file system access beyond standard documentation. Pure prompt-based skill with safe behavior matching stated purpose. All 47 static findings are false positives from pattern matching on documentation text.

2
Files scanned
270
Lines analyzed
1
findings
claude
Audited by
No security issues found

Risk Factors

⚙️ External commands (33)
SKILL.md:8 SKILL.md:12-14 SKILL.md:14-20 SKILL.md:20-26 SKILL.md:26-29 SKILL.md:29 SKILL.md:29-32 SKILL.md:32-34 SKILL.md:34-37 SKILL.md:37-39 SKILL.md:39-42 SKILL.md:42-54 SKILL.md:54-58 SKILL.md:58 SKILL.md:58-62 SKILL.md:62-63 SKILL.md:63-69 SKILL.md:69-75 SKILL.md:75-76 SKILL.md:76-77 SKILL.md:77-78 SKILL.md:78-82 SKILL.md:82-83 SKILL.md:83-84 SKILL.md:84-85 SKILL.md:85-86 SKILL.md:86 SKILL.md:86-90 SKILL.md:90 SKILL.md:90-91 SKILL.md:91-92 SKILL.md:92 SKILL.md:92-93

Audit version 4

Safe

Jan 16, 2026, 04:43 PM

Documentation-only skill containing test execution instructions. Contains bash command examples for running TUnit tests with Playwright. No executable code, no network calls, no file system access beyond standard documentation. Pure prompt-based skill with safe behavior matching stated purpose. All 47 static findings are false positives from pattern matching on documentation text.

2
Files scanned
270
Lines analyzed
1
findings
claude
Audited by
No security issues found

Risk Factors

⚙️ External commands (33)
SKILL.md:8 SKILL.md:12-14 SKILL.md:14-20 SKILL.md:20-26 SKILL.md:26-29 SKILL.md:29 SKILL.md:29-32 SKILL.md:32-34 SKILL.md:34-37 SKILL.md:37-39 SKILL.md:39-42 SKILL.md:42-54 SKILL.md:54-58 SKILL.md:58 SKILL.md:58-62 SKILL.md:62-63 SKILL.md:63-69 SKILL.md:69-75 SKILL.md:75-76 SKILL.md:76-77 SKILL.md:77-78 SKILL.md:78-82 SKILL.md:82-83 SKILL.md:83-84 SKILL.md:84-85 SKILL.md:85-86 SKILL.md:86 SKILL.md:86-90 SKILL.md:90 SKILL.md:90-91 SKILL.md:91-92 SKILL.md:92 SKILL.md:92-93

Audit version 3

Safe

Jan 10, 2026, 10:20 AM

Documentation-only skill containing test execution instructions. No executable code, no network calls, no file system access beyond documentation. Pure prompt-based skill with safe behavior matching stated purpose.

1
Files scanned
94
Lines analyzed
0
findings
claude
Audited by
No security issues found

Audit version 2

Safe

Jan 10, 2026, 10:20 AM

Documentation-only skill containing test execution instructions. No executable code, no network calls, no file system access beyond documentation. Pure prompt-based skill with safe behavior matching stated purpose.

1
Files scanned
94
Lines analyzed
0
findings
claude
Audited by
No security issues found

Audit version 1

Safe

Jan 10, 2026, 10:20 AM

Documentation-only skill containing test execution instructions. No executable code, no network calls, no file system access beyond documentation. Pure prompt-based skill with safe behavior matching stated purpose.

1
Files scanned
94
Lines analyzed
0
findings
claude
Audited by
No security issues found
← Back to Skill