📸

审计历史

qwen-image-pro - 2 审计

审计版本 2

高风险问题 (1)

Weak Cryptographic Algorithm Warning (False Positive)

Static scanner incorrectly flagged 'weak cryptographic algorithm' at multiple lines. Upon review, these are documentation content (parameter names like 'prompt_extend', URLs, and text descriptions). No cryptographic operations are performed.

中风险问题 (1)

SKILL.md:15

External Command Examples (False Positive)

Static scanner flagged 40 locations of 'Ruby/shell backtick execution'. These are documentation examples showing how to use the infsh CLI tool (e.g., 'infsh login', 'infsh app run'). This is legitimate documentation, not actual code execution.

低风险问题 (1)

SKILL.md:9

Hardcoded URLs (False Positive)

Static scanner flagged 7 hardcoded URLs. These are legitimate links to inference.sh documentation and example URLs for the image generation service.

风险因素

⚙️ 外部命令 (1)

SKILL.md:15

🌐 网络访问 (1)

SKILL.md:9

审计版本 1

安全

Mar 5, 2026, 08:56 AM

All 56 static findings are false positives. The skill file contains only markdown documentation with code examples showing how to use the inference.sh CLI. The detected patterns (shell commands, URLs) appear in fenced code blocks as legitimate documentation examples. No executable code, prompt injection attempts, or malicious intent detected. Safe to publish.

已扫描文件

206

分析行数

发现项

claude

审计者

低风险问题 (1)

SKILL.md:17-21 SKILL.md:35-39

Documentation Code Blocks Contain Shell Commands

The skill documentation contains shell command examples in fenced code blocks. These are markdown documentation examples showing users how to use the inference.sh CLI tool, not executable code. No security risk.

风险因素

⚙️ 外部命令 (9)

SKILL.md:15-21 SKILL.md:35-50 SKILL.md:54-62 SKILL.md:66-71 SKILL.md:75-84 SKILL.md:88-93 SKILL.md:145-152 SKILL.md:156-184 SKILL.md:188-197

🌐 网络访问 (3)

SKILL.md:9-11 SKILL.md:79-80 SKILL.md:203-206

← 返回技能