Audit History
ai-native-development - 6 audits
Audit version 6
Latest Medium RiskJun 28, 2026, 10:29 AM
Static analysis reported many high-risk patterns, but most are false positives from Markdown code fences, template strings, API documentation links, and normal SDK environment-variable configuration. No prompt injection attempt, malicious exfiltration, or hidden command execution intent was found. The main residual risk is unsafe copy-paste sample code, especially an eval-based calculator tool and broad autonomous-agent tool templates.
Medium Risk Issues (3)
Low Risk Issues (4)
Risk Factors
⚡ Contains scripts (1)
🌐 Network access (3)
📁 Filesystem access (2)
🔑 Env variables (4)
⚙️ External commands (3)
Detected Patterns
Audit version 5
Low RiskJan 16, 2026, 04:18 PM
This skill is educational/reference content for AI-native development patterns. Static scanner flagged 401 patterns, but all are FALSE POSITIVES. The flagged patterns (eval, process.env, backticks, grep commands) are legitimate documentation and template code for building AI agents. No malicious intent, data exfiltration, or unauthorized credential access found.
Risk Factors
⚙️ External commands (2)
🔑 Env variables (1)
⚡ Contains scripts (1)
Audit version 4
Low RiskJan 16, 2026, 04:18 PM
This skill is educational/reference content for AI-native development patterns. Static scanner flagged 401 patterns, but all are FALSE POSITIVES. The flagged patterns (eval, process.env, backticks, grep commands) are legitimate documentation and template code for building AI agents. No malicious intent, data exfiltration, or unauthorized credential access found.
Risk Factors
⚙️ External commands (2)
🔑 Env variables (1)
⚡ Contains scripts (1)
Audit version 3
SafeJan 10, 2026, 10:25 AM
This skill is a pure knowledge module containing only documentation and TypeScript code templates for building AI applications. No executable scripts, no network behavior beyond documented API patterns, no filesystem access outside the skill directory, and no suspicious capabilities detected. Safe for marketplace publication.
Low Risk Issues (1)
Audit version 2
SafeJan 10, 2026, 10:25 AM
This skill is a pure knowledge module containing only documentation and TypeScript code templates for building AI applications. No executable scripts, no network behavior beyond documented API patterns, no filesystem access outside the skill directory, and no suspicious capabilities detected. Safe for marketplace publication.
Low Risk Issues (1)
Audit version 1
SafeJan 10, 2026, 10:25 AM
This skill is a pure knowledge module containing only documentation and TypeScript code templates for building AI applications. No executable scripts, no network behavior beyond documented API patterns, no filesystem access outside the skill directory, and no suspicious capabilities detected. Safe for marketplace publication.