Audit History

All 190 static findings are FALSE POSITIVES. The 'external_commands' detections are Python code examples in markdown documentation blocks (not shell execution). The 'weak cryptographic algorithm' detections are triggered by common words like 'comprehensive' in documentation text at line 3 of markdown files. The 'system reconnaissance' detections flag statistical terms like ACF/PACF (Autocorrelation Function). This is a legitimate statistical analysis documentation skill with no security risks.

All 190 static findings are FALSE POSITIVES. The 'external_commands' detections are Python code examples in markdown documentation blocks (not shell execution). The 'weak cryptographic algorithm' detections are triggered by common words like 'comprehensive' in documentation text at line 3 of markdown files. The 'system reconnaissance' detections flag statistical terms like ACF/PACF (Autocorrelation Function). This is a legitimate statistical analysis documentation skill with no security risks.

The static analysis findings are false positives. The 'external_commands' detections are from code examples showing Python syntax (backticks in markdown), not actual shell execution. The 'weak cryptographic algorithm' findings appear to be from line 3 references to standard markdown headers, not crypto code. No actual security risks identified.

Documentation-only skill with a local Python utility. No network access, no file system access beyond temp plotting, no credential theft patterns, no malicious code execution. The assumption_checks.py script only operates on user-provided data in memory.