Skill qwen-image-pro audit history

Audit history

qwen-image-pro - 2 audits

Audit version 2

Latest: Safe

Mar 6, 2026, 08:49 AM

All static findings are false positives. The skill uses the legitimate inference.sh CLI tool to access Alibaba Qwen-Image-2.0-Pro API for image generation. External command detections are documentation examples, network URLs are legitimate service endpoints, and cryptographic algorithm warnings are scanner misinterpretations. No actual security vulnerabilities present.

Files scanned: 1
Lines analyzed: 206
Findings: 5
Auditor: claude

High-risk issues (1)

Weak Cryptographic Algorithm Warning (False Positive)
Static scanner incorrectly flagged 'weak cryptographic algorithm' at multiple lines. Upon review, these are documentation content (parameter names like 'prompt_extend', URLs, and text descriptions). No cryptographic operations are performed.
Medium-risk issues (1)
External Command Examples (False Positive)
Static scanner flagged 40 locations of 'Ruby/shell backtick execution'. These are documentation examples showing how to use the infsh CLI tool (e.g., 'infsh login', 'infsh app run'). This is legitimate documentation, not actual code execution.
Low-risk issues (1)
Hardcoded URLs (False Positive)
Static scanner flagged 7 hardcoded URLs. These are legitimate links to inference.sh documentation and example URLs for the image generation service.

Risk factors

⚙️ External commands (1)
🌐 Network access (1)

Audit version 1

Safe

Mar 5, 2026, 08:56 AM

All 56 static findings are false positives. The skill file contains only markdown documentation with code examples showing how to use the inference.sh CLI. The detected patterns (shell commands, URLs) appear in fenced code blocks as legitimate documentation examples. No executable code, prompt injection attempts, or malicious intent detected. Safe to publish.

Files scanned: 1
Lines analyzed: 206
Findings: 3
Auditor: claude

Low-risk issues (1)
Documentation Code Blocks Contain Shell Commands
The skill documentation contains shell command examples in fenced code blocks. These are markdown documentation examples showing users how to use the inference.sh CLI tool, not executable code. No security risk.