技能 foundations-problem-solution-fit 审计历史
📦

审计历史

foundations-problem-solution-fit - 6 审计

审计版本 6

最新 安全

Jun 28, 2026, 02:48 PM

The static analyzer reported command execution, weak cryptography, and reconnaissance patterns, but review found these are false positives in Markdown templates and product strategy text. The skill contains guidance, JSON examples, and output formats only; no executable scripts, network calls, credential access, or prompt injection language were found.

1
已扫描文件
585
分析行数
3
发现项
codex
审计者
低风险问题 (3)
SKILL.md:59-81SKILL.md:118-145SKILL.md:183-219SKILL.md:262-303SKILL.md:342-388SKILL.md:402-416SKILL.md:420-453
False Positive: Markdown Code Fences Flagged as Shell Execution
The reported Ruby or shell backtick execution locations are Markdown code fences around output templates and JSON examples. They do not instruct the assistant to execute commands and do not contain shell code.
SKILL.md:3SKILL.md:126SKILL.md:201SKILL.md:335SKILL.md:463-474SKILL.md:509
False Positive: Business Terms Flagged as Weak Cryptography
The weak cryptography matches occur in ordinary words and product planning phrases, such as description fields, critical assumptions, and platform strategy. No cryptographic algorithm, hashing function, encryption library, or security implementation appears in the skill.
SKILL.md:47SKILL.md:234SKILL.md:320SKILL.md:511
False Positive: Interview Prompts Flagged as Reconnaissance
The reconnaissance matches are customer discovery and product strategy prompts. They ask about user workflows, unmet needs, and product pitfalls, not host information, environment variables, network topology, or local system details.

审计版本 5

安全

Jan 16, 2026, 06:15 PM

Pure documentation skill containing only structured guidance and frameworks. Contains no executable code, no filesystem access, no network calls, and no external command execution. All static findings are false positives triggered by semantic misinterpretation of documentation text.

2
已扫描文件
763
分析行数
1
发现项
claude
审计者
未发现安全问题

风险因素

⚙️ 外部命令 (18)
SKILL.md:59-81 SKILL.md:81-118 SKILL.md:118-145 SKILL.md:145-183 SKILL.md:183-219 SKILL.md:219-262 SKILL.md:262-303 SKILL.md:303-342 SKILL.md:342-388 SKILL.md:388-393 SKILL.md:393-394 SKILL.md:394-397 SKILL.md:397-398 SKILL.md:398-399 SKILL.md:399-402 SKILL.md:402-416 SKILL.md:416-420 SKILL.md:420-453

审计版本 4

安全

Jan 16, 2026, 06:15 PM

Pure documentation skill containing only structured guidance and frameworks. Contains no executable code, no filesystem access, no network calls, and no external command execution. All static findings are false positives triggered by semantic misinterpretation of documentation text.

2
已扫描文件
763
分析行数
1
发现项
claude
审计者
未发现安全问题

风险因素

⚙️ 外部命令 (18)
SKILL.md:59-81 SKILL.md:81-118 SKILL.md:118-145 SKILL.md:145-183 SKILL.md:183-219 SKILL.md:219-262 SKILL.md:262-303 SKILL.md:303-342 SKILL.md:342-388 SKILL.md:388-393 SKILL.md:393-394 SKILL.md:394-397 SKILL.md:397-398 SKILL.md:398-399 SKILL.md:399-402 SKILL.md:402-416 SKILL.md:416-420 SKILL.md:420-453

审计版本 3

安全

Jan 10, 2026, 11:13 AM

Pure prompt-based documentation skill with no executable code, no filesystem access, no network calls, and no external command execution. Contains only structured guidance and templates for problem-solution fit methodology.

1
已扫描文件
585
分析行数
0
发现项
claude
审计者
未发现安全问题

审计版本 2

安全

Jan 10, 2026, 11:13 AM

Pure prompt-based documentation skill with no executable code, no filesystem access, no network calls, and no external command execution. Contains only structured guidance and templates for problem-solution fit methodology.

1
已扫描文件
585
分析行数
0
发现项
claude
审计者
未发现安全问题

审计版本 1

安全

Jan 10, 2026, 11:13 AM

Pure prompt-based documentation skill with no executable code, no filesystem access, no network calls, and no external command execution. Contains only structured guidance and templates for problem-solution fit methodology.

1
已扫描文件
585
分析行数
0
发现项
claude
审计者
未发现安全问题
← 返回技能