📦
審計紀錄
backend-architect - 6 審計
審計版本 6
最新 中風險Jun 28, 2026, 03:13 PM
Static analysis reported many high-risk weak-cryptography and Ruby backtick findings, but reviewed examples show markdown diagrams, prose, paths, and architecture terminology rather than executable cryptographic code or shell execution. No prompt injection, data exfiltration, network behavior, credential harvesting, or malicious intent was found. The remaining risk is medium because the skill allows Bash and recommends command-based review workflows.
20
已掃描檔案
3,470
分析行數
4
發現
codex
審計單位
中風險問題 (1)
Bash Tooling Can Execute Project Commands
The skill declares Bash as an allowed tool and recommends git diff, grep, and project linters or formatters. This is legitimate for backend code review, but it gives the assistant command execution capability in a user workspace.
低風險問題 (2)
architecture/ddd-patterns.md:1architecture/hexagonal.md:71-83solid-principles/dependency-inversion.md:98-110
Static Weak-Cryptography Matches Are False Positives
The high-severity weak-cryptography matches occur in DDD, SOLID, architecture terms, markdown diagrams, and checklist prose. I found no evidence of weak cryptographic APIs or recommendations to use weak algorithms.
architecture/ddd-patterns.md:7-12architecture/dependency-injection.md:13-21examples/bad-vs-good-refactoring.md:7-22
Markdown Backticks Misclassified as Ruby Shell Execution
The external-command scanner matched markdown code fences and inline architecture examples. These sections document folder structures and refactoring examples, not Ruby shell backtick execution.
風險因素
⚙️ 外部命令 (2)
偵測到的模式
Bash Tooling Can Execute Project Commands
審計版本 5
安全Jan 16, 2026, 07:35 PM
This is a documentation-only skill containing markdown files with architectural guidance. All 410 static findings are FALSE POSITIVES. The static analyzer incorrectly identifies markdown code block delimiters (triple backticks) as Ruby shell execution, and documentation text patterns as security issues. No executable code, network calls, or filesystem operations exist in this skill.
21
已掃描檔案
3,777
分析行數
1
發現
claude
審計單位
未發現安全問題
風險因素
⚙️ 外部命令 (182)
architecture/ddd-patterns.md:7-12 architecture/dependency-injection.md:13-21 architecture/dependency-injection.md:21-41 architecture/dependency-injection.md:41-49 architecture/hexagonal.md:5-20 architecture/hexagonal.md:20-24 architecture/hexagonal.md:24-41 architecture/hexagonal.md:41-45 architecture/hexagonal.md:45-67 architecture/hexagonal.md:67-72 architecture/hexagonal.md:72-73 architecture/hexagonal.md:73-74 architecture/hexagonal.md:74-79 architecture/hexagonal.md:79-80 architecture/hexagonal.md:80-81 architecture/hexagonal.md:81-82 architecture/hexagonal.md:82-83 checklists/testing-checklist.md:5-13 checklists/testing-checklist.md:13-215 checklists/testing-checklist.md:215-219 checklists/testing-checklist.md:219-222 checklists/testing-checklist.md:222-226 code-smells/data-clumps.md:28-32 code-smells/data-clumps.md:32-35 code-smells/data-clumps.md:35-41 code-smells/data-clumps.md:41-44 code-smells/data-clumps.md:44-48 code-smells/data-clumps.md:48-51 code-smells/data-clumps.md:51-56 code-smells/data-clumps.md:56-59 code-smells/data-clumps.md:59-65 code-smells/feature-envy.md:27-36 code-smells/feature-envy.md:36-64 code-smells/feature-envy.md:64-68 code-smells/feature-envy.md:68-71 code-smells/feature-envy.md:71-75 examples/bad-vs-good-refactoring.md:7-22 examples/bad-vs-good-refactoring.md:22-26 examples/bad-vs-good-refactoring.md:26-42 examples/bad-vs-good-refactoring.md:42-48 examples/bad-vs-good-refactoring.md:48-65 examples/bad-vs-good-refactoring.md:65-69 examples/bad-vs-good-refactoring.md:69-87 examples/bad-vs-good-refactoring.md:87-93 examples/bad-vs-good-refactoring.md:93-105 examples/bad-vs-good-refactoring.md:105-109 examples/bad-vs-good-refactoring.md:109-128 examples/bad-vs-good-refactoring.md:128-134 examples/bad-vs-good-refactoring.md:134-150 examples/bad-vs-good-refactoring.md:150-154 examples/bad-vs-good-refactoring.md:154-178 examples/bad-vs-good-refactoring.md:178-184 examples/bad-vs-good-refactoring.md:184-195 examples/bad-vs-good-refactoring.md:195-199 examples/bad-vs-good-refactoring.md:199-219 examples/bad-vs-good-refactoring.md:219-225 examples/bad-vs-good-refactoring.md:225-253 examples/bad-vs-good-refactoring.md:253-257 examples/bad-vs-good-refactoring.md:257-277 examples/bad-vs-good-refactoring.md:277-283 examples/bad-vs-good-refactoring.md:283-299 examples/bad-vs-good-refactoring.md:299-303 examples/bad-vs-good-refactoring.md:303-330 examples/bad-vs-good-refactoring.md:330-336 examples/bad-vs-good-refactoring.md:336-348 examples/bad-vs-good-refactoring.md:348-352 examples/bad-vs-good-refactoring.md:352-373 examples/bad-vs-good-refactoring.md:373-379 examples/bad-vs-good-refactoring.md:379-397 examples/bad-vs-good-refactoring.md:397-401 examples/bad-vs-good-refactoring.md:401-419 examples/bad-vs-good-refactoring.md:419-425 examples/bad-vs-good-refactoring.md:425-433 examples/bad-vs-good-refactoring.md:433-437 examples/bad-vs-good-refactoring.md:437-450 examples/good-hexagonal-structure.md:5-51 examples/good-hexagonal-structure.md:51-57 examples/good-hexagonal-structure.md:57-64 examples/good-hexagonal-structure.md:64-68 examples/good-hexagonal-structure.md:68-78 examples/good-hexagonal-structure.md:78-82 examples/good-hexagonal-structure.md:82-98 examples/good-hexagonal-structure.md:98-102 examples/good-hexagonal-structure.md:102-114 examples/good-hexagonal-structure.md:114-119 examples/good-hexagonal-structure.md:119-124 examples/good-hexagonal-structure.md:124-127 examples/good-hexagonal-structure.md:127-132 examples/good-hexagonal-structure.md:132-135 examples/good-hexagonal-structure.md:135-142 examples/good-hexagonal-structure.md:142-145 examples/good-hexagonal-structure.md:145-150 examples/good-hexagonal-structure.md:150-153 examples/good-hexagonal-structure.md:153-159 examples/good-hexagonal-structure.md:159-165 examples/good-hexagonal-structure.md:165-177 examples/good-hexagonal-structure.md:177-189 examples/good-hexagonal-structure.md:189-202 examples/good-hexagonal-structure.md:202-206 examples/good-hexagonal-structure.md:206-215 examples/good-hexagonal-structure.md:215-221 examples/good-hexagonal-structure.md:221-234 examples/good-hexagonal-structure.md:234-240 examples/good-hexagonal-structure.md:240-248 examples/good-hexagonal-structure.md:248-252 examples/good-hexagonal-structure.md:252-259 SKILL.md:62 SKILL.md:68 SKILL.md:77 SKILL.md:85 SKILL.md:91 SKILL.md:110 SKILL.md:111 solid-principles/dependency-inversion.md:10-13 solid-principles/dependency-inversion.md:13-17 solid-principles/dependency-inversion.md:17-23 solid-principles/dependency-inversion.md:23-27 solid-principles/dependency-inversion.md:27-35 solid-principles/dependency-inversion.md:35-58 solid-principles/dependency-inversion.md:58-72 solid-principles/dependency-inversion.md:72-77 solid-principles/dependency-inversion.md:77-81 solid-principles/dependency-inversion.md:81-84 solid-principles/dependency-inversion.md:84-90 solid-principles/dependency-inversion.md:90-93 solid-principles/dependency-inversion.md:93-96 solid-principles/dependency-inversion.md:96-155 solid-principles/dependency-inversion.md:155-158 solid-principles/dependency-inversion.md:158-161 solid-principles/dependency-inversion.md:161-165 solid-principles/dependency-inversion.md:165-168 solid-principles/dependency-inversion.md:168-171 solid-principles/dependency-inversion.md:171-174 solid-principles/dependency-inversion.md:174-177 solid-principles/dependency-inversion.md:177-207 solid-principles/dependency-inversion.md:207-219 solid-principles/dependency-inversion.md:219-224 solid-principles/dependency-inversion.md:224-228 solid-principles/dependency-inversion.md:228-231 solid-principles/dependency-inversion.md:231-235 solid-principles/interface-segregation.md:9-11 solid-principles/interface-segregation.md:11-42 solid-principles/interface-segregation.md:42-53 solid-principles/interface-segregation.md:53-56 solid-principles/interface-segregation.md:56-74 solid-principles/interface-segregation.md:74-93 solid-principles/interface-segregation.md:93-99 solid-principles/interface-segregation.md:99-102 solid-principles/interface-segregation.md:102-109 solid-principles/interface-segregation.md:109-112 solid-principles/interface-segregation.md:112-119 solid-principles/interface-segregation.md:119-224 solid-principles/interface-segregation.md:224-234 solid-principles/liskov-substitution.md:9-11 solid-principles/liskov-substitution.md:11-51 solid-principles/liskov-substitution.md:51-61 solid-principles/liskov-substitution.md:61-64 solid-principles/liskov-substitution.md:64-68 solid-principles/liskov-substitution.md:68-71 solid-principles/liskov-substitution.md:71-75 solid-principles/liskov-substitution.md:75-78 solid-principles/liskov-substitution.md:78-82 solid-principles/liskov-substitution.md:82-147 solid-principles/liskov-substitution.md:147-150 solid-principles/liskov-substitution.md:150-153 solid-principles/liskov-substitution.md:153-156 solid-principles/liskov-substitution.md:156-159 solid-principles/liskov-substitution.md:159-162 solid-principles/open-closed.md:9-11 solid-principles/open-closed.md:11-60 solid-principles/open-closed.md:60-65 solid-principles/open-closed.md:65-68 solid-principles/open-closed.md:68-71 solid-principles/open-closed.md:71-74 solid-principles/open-closed.md:74-77 solid-principles/open-closed.md:77-80 solid-principles/open-closed.md:80-83 solid-principles/open-closed.md:83-97 solid-principles/open-closed.md:97-102 solid-principles/open-closed.md:102-105 solid-principles/open-closed.md:105-110 solid-principles/single-responsibility.md:9-11
審計版本 4
安全Jan 16, 2026, 07:35 PM
This is a documentation-only skill containing markdown files with architectural guidance. All 410 static findings are FALSE POSITIVES. The static analyzer incorrectly identifies markdown code block delimiters (triple backticks) as Ruby shell execution, and documentation text patterns as security issues. No executable code, network calls, or filesystem operations exist in this skill.
21
已掃描檔案
3,777
分析行數
1
發現
claude
審計單位
未發現安全問題
風險因素
⚙️ 外部命令 (182)
architecture/ddd-patterns.md:7-12 architecture/dependency-injection.md:13-21 architecture/dependency-injection.md:21-41 architecture/dependency-injection.md:41-49 architecture/hexagonal.md:5-20 architecture/hexagonal.md:20-24 architecture/hexagonal.md:24-41 architecture/hexagonal.md:41-45 architecture/hexagonal.md:45-67 architecture/hexagonal.md:67-72 architecture/hexagonal.md:72-73 architecture/hexagonal.md:73-74 architecture/hexagonal.md:74-79 architecture/hexagonal.md:79-80 architecture/hexagonal.md:80-81 architecture/hexagonal.md:81-82 architecture/hexagonal.md:82-83 checklists/testing-checklist.md:5-13 checklists/testing-checklist.md:13-215 checklists/testing-checklist.md:215-219 checklists/testing-checklist.md:219-222 checklists/testing-checklist.md:222-226 code-smells/data-clumps.md:28-32 code-smells/data-clumps.md:32-35 code-smells/data-clumps.md:35-41 code-smells/data-clumps.md:41-44 code-smells/data-clumps.md:44-48 code-smells/data-clumps.md:48-51 code-smells/data-clumps.md:51-56 code-smells/data-clumps.md:56-59 code-smells/data-clumps.md:59-65 code-smells/feature-envy.md:27-36 code-smells/feature-envy.md:36-64 code-smells/feature-envy.md:64-68 code-smells/feature-envy.md:68-71 code-smells/feature-envy.md:71-75 examples/bad-vs-good-refactoring.md:7-22 examples/bad-vs-good-refactoring.md:22-26 examples/bad-vs-good-refactoring.md:26-42 examples/bad-vs-good-refactoring.md:42-48 examples/bad-vs-good-refactoring.md:48-65 examples/bad-vs-good-refactoring.md:65-69 examples/bad-vs-good-refactoring.md:69-87 examples/bad-vs-good-refactoring.md:87-93 examples/bad-vs-good-refactoring.md:93-105 examples/bad-vs-good-refactoring.md:105-109 examples/bad-vs-good-refactoring.md:109-128 examples/bad-vs-good-refactoring.md:128-134 examples/bad-vs-good-refactoring.md:134-150 examples/bad-vs-good-refactoring.md:150-154 examples/bad-vs-good-refactoring.md:154-178 examples/bad-vs-good-refactoring.md:178-184 examples/bad-vs-good-refactoring.md:184-195 examples/bad-vs-good-refactoring.md:195-199 examples/bad-vs-good-refactoring.md:199-219 examples/bad-vs-good-refactoring.md:219-225 examples/bad-vs-good-refactoring.md:225-253 examples/bad-vs-good-refactoring.md:253-257 examples/bad-vs-good-refactoring.md:257-277 examples/bad-vs-good-refactoring.md:277-283 examples/bad-vs-good-refactoring.md:283-299 examples/bad-vs-good-refactoring.md:299-303 examples/bad-vs-good-refactoring.md:303-330 examples/bad-vs-good-refactoring.md:330-336 examples/bad-vs-good-refactoring.md:336-348 examples/bad-vs-good-refactoring.md:348-352 examples/bad-vs-good-refactoring.md:352-373 examples/bad-vs-good-refactoring.md:373-379 examples/bad-vs-good-refactoring.md:379-397 examples/bad-vs-good-refactoring.md:397-401 examples/bad-vs-good-refactoring.md:401-419 examples/bad-vs-good-refactoring.md:419-425 examples/bad-vs-good-refactoring.md:425-433 examples/bad-vs-good-refactoring.md:433-437 examples/bad-vs-good-refactoring.md:437-450 examples/good-hexagonal-structure.md:5-51 examples/good-hexagonal-structure.md:51-57 examples/good-hexagonal-structure.md:57-64 examples/good-hexagonal-structure.md:64-68 examples/good-hexagonal-structure.md:68-78 examples/good-hexagonal-structure.md:78-82 examples/good-hexagonal-structure.md:82-98 examples/good-hexagonal-structure.md:98-102 examples/good-hexagonal-structure.md:102-114 examples/good-hexagonal-structure.md:114-119 examples/good-hexagonal-structure.md:119-124 examples/good-hexagonal-structure.md:124-127 examples/good-hexagonal-structure.md:127-132 examples/good-hexagonal-structure.md:132-135 examples/good-hexagonal-structure.md:135-142 examples/good-hexagonal-structure.md:142-145 examples/good-hexagonal-structure.md:145-150 examples/good-hexagonal-structure.md:150-153 examples/good-hexagonal-structure.md:153-159 examples/good-hexagonal-structure.md:159-165 examples/good-hexagonal-structure.md:165-177 examples/good-hexagonal-structure.md:177-189 examples/good-hexagonal-structure.md:189-202 examples/good-hexagonal-structure.md:202-206 examples/good-hexagonal-structure.md:206-215 examples/good-hexagonal-structure.md:215-221 examples/good-hexagonal-structure.md:221-234 examples/good-hexagonal-structure.md:234-240 examples/good-hexagonal-structure.md:240-248 examples/good-hexagonal-structure.md:248-252 examples/good-hexagonal-structure.md:252-259 SKILL.md:62 SKILL.md:68 SKILL.md:77 SKILL.md:85 SKILL.md:91 SKILL.md:110 SKILL.md:111 solid-principles/dependency-inversion.md:10-13 solid-principles/dependency-inversion.md:13-17 solid-principles/dependency-inversion.md:17-23 solid-principles/dependency-inversion.md:23-27 solid-principles/dependency-inversion.md:27-35 solid-principles/dependency-inversion.md:35-58 solid-principles/dependency-inversion.md:58-72 solid-principles/dependency-inversion.md:72-77 solid-principles/dependency-inversion.md:77-81 solid-principles/dependency-inversion.md:81-84 solid-principles/dependency-inversion.md:84-90 solid-principles/dependency-inversion.md:90-93 solid-principles/dependency-inversion.md:93-96 solid-principles/dependency-inversion.md:96-155 solid-principles/dependency-inversion.md:155-158 solid-principles/dependency-inversion.md:158-161 solid-principles/dependency-inversion.md:161-165 solid-principles/dependency-inversion.md:165-168 solid-principles/dependency-inversion.md:168-171 solid-principles/dependency-inversion.md:171-174 solid-principles/dependency-inversion.md:174-177 solid-principles/dependency-inversion.md:177-207 solid-principles/dependency-inversion.md:207-219 solid-principles/dependency-inversion.md:219-224 solid-principles/dependency-inversion.md:224-228 solid-principles/dependency-inversion.md:228-231 solid-principles/dependency-inversion.md:231-235 solid-principles/interface-segregation.md:9-11 solid-principles/interface-segregation.md:11-42 solid-principles/interface-segregation.md:42-53 solid-principles/interface-segregation.md:53-56 solid-principles/interface-segregation.md:56-74 solid-principles/interface-segregation.md:74-93 solid-principles/interface-segregation.md:93-99 solid-principles/interface-segregation.md:99-102 solid-principles/interface-segregation.md:102-109 solid-principles/interface-segregation.md:109-112 solid-principles/interface-segregation.md:112-119 solid-principles/interface-segregation.md:119-224 solid-principles/interface-segregation.md:224-234 solid-principles/liskov-substitution.md:9-11 solid-principles/liskov-substitution.md:11-51 solid-principles/liskov-substitution.md:51-61 solid-principles/liskov-substitution.md:61-64 solid-principles/liskov-substitution.md:64-68 solid-principles/liskov-substitution.md:68-71 solid-principles/liskov-substitution.md:71-75 solid-principles/liskov-substitution.md:75-78 solid-principles/liskov-substitution.md:78-82 solid-principles/liskov-substitution.md:82-147 solid-principles/liskov-substitution.md:147-150 solid-principles/liskov-substitution.md:150-153 solid-principles/liskov-substitution.md:153-156 solid-principles/liskov-substitution.md:156-159 solid-principles/liskov-substitution.md:159-162 solid-principles/open-closed.md:9-11 solid-principles/open-closed.md:11-60 solid-principles/open-closed.md:60-65 solid-principles/open-closed.md:65-68 solid-principles/open-closed.md:68-71 solid-principles/open-closed.md:71-74 solid-principles/open-closed.md:74-77 solid-principles/open-closed.md:77-80 solid-principles/open-closed.md:80-83 solid-principles/open-closed.md:83-97 solid-principles/open-closed.md:97-102 solid-principles/open-closed.md:102-105 solid-principles/open-closed.md:105-110 solid-principles/single-responsibility.md:9-11
審計版本 3
安全Jan 10, 2026, 11:26 AM
This is a pure documentation-based skill containing only markdown files and a SKILL.md prompt. No executable code, network calls, filesystem operations, or code execution paths exist. All content is educational architectural guidance.
21
已掃描檔案
4,191
分析行數
0
發現
claude
審計單位
未發現安全問題
審計版本 2
安全Jan 10, 2026, 11:26 AM
This is a pure documentation-based skill containing only markdown files and a SKILL.md prompt. No executable code, network calls, filesystem operations, or code execution paths exist. All content is educational architectural guidance.
21
已掃描檔案
4,191
分析行數
0
發現
claude
審計單位
未發現安全問題
審計版本 1
安全Jan 10, 2026, 11:26 AM
This is a pure documentation-based skill containing only markdown files and a SKILL.md prompt. No executable code, network calls, filesystem operations, or code execution paths exist. All content is educational architectural guidance.
21
已掃描檔案
4,191
分析行數
0
發現
claude
審計單位
未發現安全問題