Audit History

type-safety-validation - 7 audits

Audit version 7

Latest Low Risk

Jun 28, 2026, 10:43 AM

The static analyzer flagged many high-risk patterns, but review shows they are markdown code fences, TypeScript examples, documentation URLs, and relative imports. No malicious behavior or prompt injection was found. One low-risk documentation issue remains because a sample tRPC mutation uses publicProcedure without showing authentication.

Files scanned: 1
Lines analyzed: 326
Findings: 7
Audited by: codex
Low Risk Issues (4)
Static Command Execution Detections Are Markdown False Positives
The external command findings point to markdown code fences and TypeScript sample blocks, not runnable Ruby or shell backtick execution. The skill contains instructional examples, and no executable script file or command invocation was found.
Network And Filesystem Detections Are Documentation Examples
The hardcoded URL findings are localhost, example API, and public documentation links. The filesystem findings are TypeScript method chaining and a relative import inside sample code, not hidden file access or path traversal.
Weak Crypto And Reconnaissance Detections Are Terminology False Positives
The blocker findings map to general TypeScript, Prisma, or decorator terminology such as descriptions, descending sort order, and type utilities. No hashing algorithm, host discovery, scanning logic, or reconnaissance behavior was present.
Sample Mutation Omits Authentication Context
The full-stack example uses publicProcedure for a create mutation and does not show authorization checks. This is not malicious, but users could copy the sample into a production API without adding access control.

Detected Patterns

Unauthenticated Write Procedure In Sample Code

Audit version 6

Safe

Jan 21, 2026, 04:17 PM

Educational skill providing TypeScript type safety patterns and examples. All 61 static findings are false positives from pattern matching in documentation and code examples. No actual security risks detected.

Files scanned: 2
Lines analyzed: 926
Findings: 0
Audited by: claude
No security issues found

Audit version 5

Medium Risk

Jan 16, 2026, 05:16 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Files scanned: 2
Lines analyzed: 507
Findings: 3
Audited by: claude
No security issues found

Detected Patterns

Hardcoded URL, Weak cryptographic algorithm, Ruby/shell backtick execution, Path traversal sequence, Hidden file access, System reconnaissance, Network reconnaissance

Audit version 4

Medium Risk

Jan 16, 2026, 05:16 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Files scanned: 2
Lines analyzed: 507
Findings: 3
Audited by: claude
No security issues found

Detected Patterns

Hardcoded URL, Weak cryptographic algorithm, Ruby/shell backtick execution, Path traversal sequence, Hidden file access, System reconnaissance, Network reconnaissance

Audit version 3

Safe

Jan 10, 2026, 10:54 AM

Pure documentation skill containing only educational content about type safety patterns. No executable code, no network operations, no file access, no external command execution. Risk factor evidence array is empty due to zero detected risk factors.

Files scanned: 1
Lines analyzed: 326
Findings: 0
Audited by: claude
No security issues found

Audit version 2

Safe

Jan 10, 2026, 10:54 AM

Pure documentation skill containing only educational content about type safety patterns. No executable code, no network operations, no file access, no external command execution. Risk factor evidence array is empty due to zero detected risk factors.

Files scanned: 1
Lines analyzed: 326
Findings: 0
Audited by: claude
No security issues found

Audit version 1

Safe

Jan 10, 2026, 10:54 AM

Pure documentation skill containing only educational content about type safety patterns. No executable code, no network operations, no file access, no external command execution. Risk factor evidence array is empty due to zero detected risk factors.

Files scanned: 1
Lines analyzed: 326
Findings: 0
Audited by: claude
No security issues found