审计历史
docs-validator - 6 审计
审计版本 6
最新 中风险Jun 28, 2026, 07:00 PM
Static analysis found many shell, network, filesystem, and weak-crypto patterns in SKILL.md. Manual review shows the weak-crypto, path traversal, reconnaissance, and hardcoded URL matches are false positives from prose or sample report text. The remaining risk is legitimate but elevated because the skill instructs agents to run shell documentation scans, inspect workspace files, optionally test external URLs, and write reports.
中风险问题 (2)
低风险问题 (4)
风险因素
⚙️ 外部命令 (7)
检测到的模式
审计版本 5
安全Jan 16, 2026, 08:15 PM
This is a pure prompt-based skill with no executable code. The SKILL.md file contains only documentation validation guidelines and example prompts for an AI assistant. All 65 static findings are false positives: cryptographic algorithm detections are misidentified hash identifiers, external_commands are illustrative bash examples with hardcoded paths, and network/filesystem detections are benign markdown content.
风险因素
🌐 网络访问 (3)
📁 文件系统访问 (1)
⚙️ 外部命令 (38)
审计版本 4
安全Jan 16, 2026, 08:15 PM
This is a pure prompt-based skill with no executable code. The SKILL.md file contains only documentation validation guidelines and example prompts for an AI assistant. All 65 static findings are false positives: cryptographic algorithm detections are misidentified hash identifiers, external_commands are illustrative bash examples with hardcoded paths, and network/filesystem detections are benign markdown content.
风险因素
🌐 网络访问 (3)
📁 文件系统访问 (1)
⚙️ 外部命令 (38)
审计版本 3
安全Jan 10, 2026, 11:48 AM
This is a pure prompt-based skill with no executable code. The SKILL.md file contains only documentation validation guidelines and example prompts for an AI assistant. No network calls, file writes, or command executions are performed by the skill itself.
审计版本 2
安全Jan 10, 2026, 11:48 AM
This is a pure prompt-based skill with no executable code. The SKILL.md file contains only documentation validation guidelines and example prompts for an AI assistant. No network calls, file writes, or command executions are performed by the skill itself.
审计版本 1
安全Jan 10, 2026, 11:48 AM
This is a pure prompt-based skill with no executable code. The SKILL.md file contains only documentation validation guidelines and example prompts for an AI assistant. No network calls, file writes, or command executions are performed by the skill itself.