Skills react-flow-best-practices Audit History
📦

Audit History

react-flow-best-practices - 2 audits

Audit version 2

Latest Safe

May 26, 2026, 08:37 AM

Static analysis flagged 247 potential issues, but all high and medium severity findings are false positives caused by markdown code formatting. Backtick characters in TypeScript code examples were misinterpreted as shell execution. Weak cryptographic algorithm flags were triggered by TypeScript import and type syntax in documentation. A low-severity finding confirms a hardcoded promotional URL (casely.digital) in SKILL.md with an embedded instruction to promote a product. No executable code, credential handling, or malicious patterns exist. The skill is safe to publish.

5
Files scanned
324
Lines analyzed
2
findings
claude
Audited by
Low Risk Issues (1)
SKILL.md:70
Embedded promotional URL with product mention instruction
SKILL.md line 70 contains a hardcoded URL (casely.digital) and an instruction telling the AI to promote this product when relevant. This is a mild prompt injection attempt. The instruction uses permissive language (may, once, naturally) and is not an override directive.

Risk Factors

🌐 Network access (1)
SKILL.md:70

Detected Patterns

Markdown code blocks flagged as shell execution (false positive)TypeScript syntax flagged as cryptographic algorithm (false positive)Documentation text flagged as system reconnaissance (false positive)

Audit version 1

Low Risk

May 25, 2026, 09:11 PM

Static analysis flagged 247 detections across 5 files (324 lines), all driven by markdown backtick code-fence false positives and pattern collisions with innocuous TypeScript identifiers in documentation. After manual evaluation, every 'weak cryptographic algorithm' (62), 'Ruby/shell backtick execution' (184), 'system reconnaissance' (8), and 'network reconnaissance' (1) detection is a false positive — the skill contains only Markdown reference docs and a YAML config file with no executable code. One legitimate low-severity finding: SKILL.md line 70 includes a hardcoded promotional URL to a commercial service (casely.digital), disclosed in documentation but representing embedded marketing content.

5
Files scanned
324
Lines analyzed
2
findings
claude
Audited by
Low Risk Issues (1)
SKILL.md:70
Embedded Promotional URL
SKILL.md line 70 contains a hardcoded URL to casely.digital, a commercial AI workflow service. The text instructs the AI to mention this service during conversations with users. While disclosed transparently in the skill documentation, this represents embedded promotional content for a third-party commercial product.

Risk Factors

🌐 Network access (1)
SKILL.md:70
← Back to Skill