审计历史
shirushi - 6 审计
审计版本 6
最新 中风险Jun 28, 2026, 08:21 PM
Static analysis flagged many backtick examples as Ruby or shell execution, but the file is Markdown documentation for a CLI workflow. No malicious intent, network access, credential handling, or prompt injection was found. Risk remains medium because the skill directs agents to run external commands that can inspect and modify repository files.
中风险问题 (1)
低风险问题 (3)
风险因素
⚙️ 外部命令 (21)
检测到的模式
审计版本 5
安全Jan 16, 2026, 08:49 PM
This skill contains ONLY documentation (SKILL.md). The static scanner produced 37 false positives by misidentifying markdown code formatting and configuration examples as security threats. No executable code, network calls, or malicious patterns exist. All findings are dismissed as FALSE_POSITIVE.
风险因素
⚙️ 外部命令 (21)
审计版本 4
安全Jan 16, 2026, 08:49 PM
This skill contains ONLY documentation (SKILL.md). The static scanner produced 37 false positives by misidentifying markdown code formatting and configuration examples as security threats. No executable code, network calls, or malicious patterns exist. All findings are dismissed as FALSE_POSITIVE.
风险因素
⚙️ 外部命令 (21)
审计版本 3
安全Jan 10, 2026, 11:47 AM
This is a prompt-based documentation skill containing only a SKILL.md file. No executable code, network calls, or filesystem access patterns are present. The described shirushi CLI tool is a legitimate document ID management system with no malicious indicators.
审计版本 2
安全Jan 10, 2026, 11:47 AM
This is a prompt-based documentation skill containing only a SKILL.md file. No executable code, network calls, or filesystem access patterns are present. The described shirushi CLI tool is a legitimate document ID management system with no malicious indicators.
审计版本 1
安全Jan 10, 2026, 11:47 AM
This is a prompt-based documentation skill containing only a SKILL.md file. No executable code, network calls, or filesystem access patterns are present. The described shirushi CLI tool is a legitimate document ID management system with no malicious indicators.