Skip to content

fix(skills): update trailofbits/skills to cfe5d7b, fix zeroize-audit#740

Open
JAORMX wants to merge 3 commits into
mainfrom
fix/trailofbits-skills-digest
Open

fix(skills): update trailofbits/skills to cfe5d7b, fix zeroize-audit#740
JAORMX wants to merge 3 commits into
mainfrom
fix/trailofbits-skills-digest

Conversation

@JAORMX

@JAORMX JAORMX commented Jul 3, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Supersedes chore(deps): update trailofbits/skills digest to cfe5d7b #699. Carries the same digest/version bump renovate proposed for all 16 trailofbits skills, plus a fix for one of six that failed skill-security-scan.
  • zeroize-audit: allowlisted BEHAVIOR_EVAL_SUBPROCESS — verified against the actual upstream source, both flagged subprocess.run() calls are list-form (no shell=True) with fixed commands/scripts and no attacker-controlled arguments.

Not fixed here

The other 5 skills bumped in this digest (agentic-actions-auditor, codeql, constant-time-analysis, sharp-edges, yara-rule-authoring) still fail skill-security-scan. Their logs show Failed to parse meta-analysis response: No valid JSON found in response, the known scanner meta-analyzer bug — dozens to hundreds of raw pattern-match findings survive as blocking when this happens, which isn't practically fixable by hand-allowlisting. This is a scanner tooling reliability issue, not a dockyard content problem.

Test plan

Co-Authored-By: Claude Sonnet 5 noreply@anthropic.com

renovate Bot and others added 3 commits July 3, 2026 13:44
…onstant-time-analysis,differential-review,fp-check,insecure-defaults,property-based-testing,sarif-parsing,semgrep,semgrep-rule-creator,semgrep-rule-variant-creator,sharp-edges,supply-chain-risk-auditor,variant-analysis,yara-rule-authoring,zeroize-audit
Scanner flagged two list-form subprocess.run() calls (generate_poc.py,
check_rust_asm.py) as dangerous. Neither uses shell=True or takes
attacker-controlled arguments -- fixed commands/scripts, one with an
explicit timeout.

Note: the other 5 skills bumped in this digest (agentic-actions-auditor,
codeql, constant-time-analysis, sharp-edges, yara-rule-authoring) still
fail skill-security-scan due to the known scanner meta-analyzer
JSON-parse bug (dozens to hundreds of raw findings surviving as
blocking) -- not fixed here, not practically allowlistable by hand.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
@toolhive-release-app

Copy link
Copy Markdown
Contributor

🛡️ Skill Security Scan Results

✅ agentic-actions-auditor

  • Status: Passed
  • Findings: 2

❌ codeql

  • Status: Failed
  • Findings: 254
  • Blocking: 139

Blocking issues:

  • [ATR_2026_00010] (CRITICAL) Pattern detected: codeql-database.yml | true | false (inc (references/quality-assessment.md:100)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/quality-assessment.md:116)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/quality-assessment.md:121)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: root= (references/quality-assessment.md:122)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/quality-assessment.md:128)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/quality-assessment.md:130)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/quality-assessment.md:139)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/quality-assessment.md:152)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: | tee (references/quality-assessment.md:153)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/quality-assessment.md:158)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: security-and-quality and security-experimental are complementary. security-and-quality excludes experimental/ query paths. security-experimental inc (references/ruleset-catalog.md:11)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: python (references/ruleset-catalog.md:15)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: trailofbits/go-queries | Go | Concurrenc (references/ruleset-catalog.md:24)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/ruleset-catalog.md:28)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/ruleset-catalog.md:49)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/ruleset-catalog.md:59)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/run-all-suite.md:3)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: security-experimental = stable security + experimental security (re-inc (references/run-all-suite.md:11)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/run-all-suite.md:46)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${CODEQL_LANG} (references/run-all-suite.md:55)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${CODEQL_LANG} (references/run-all-suite.md:56)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${CODEQL_LANG} (references/run-all-suite.md:57)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${CODEQL_LANG} (references/run-all-suite.md:58)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${PACK} (references/run-all-suite.md:65)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${CODEQL_LANG:?ERROR: CODEQL_LANG must be set before generating suite} (references/run-all-suite.md:84)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${SUITE_FILE:?ERROR: SUITE_FILE must be set} (references/run-all-suite.md:85)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/sarif-processing.md:13)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/sarif-processing.md:19)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/sarif-processing.md:31)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/sarif-processing.md:46)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: security-severity < 6.0 from the report. The suite includes all medium-precision security queries to let CodeQL eval (references/sarif-processing.md:53)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/sarif-processing.md:57)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Model | Sources Inc (references/threat-models.md:7)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: environment (references/threat-models.md:11)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: upload (references/threat-models.md:13)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/threat-models.md:23)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: $OUTPUT_DIR from the parent skill (resolved onc (workflows/build-database.md:44)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/build-database.md:46)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/build-database.md:56)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(date -Iseconds) (workflows/build-database.md:59)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/build-database.md:65)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(date -Iseconds) (workflows/build-database.md:66)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(date -Iseconds) (workflows/build-database.md:67)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(date -Iseconds) (workflows/build-database.md:68)
  • [ATR_2026_00012] (HIGH) Pattern detected: CODEQL_LANG variable set to a valid (workflows/build-database.md:78)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/build-database.md:82)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: python (workflows/build-database.md:90)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: ruby (workflows/build-database.md:93)
  • [ATR_2026_00012] (HIGH) Pattern detected: | C# | `csh (workflows/build-database.md:96)
  • [ATR_2026_00012] (HIGH) Pattern detected: withpaths-ignoreentries fornode (workflows/build-database.md:104)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: -- " (workflows/build-database.md:111)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/build-database.md:115)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: CMD (workflows/build-database.md:117)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (workflows/build-database.md:118)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: | tee (workflows/build-database.md:119)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/build-database.md:130)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(uname -s) (workflows/build-database.md:132)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(find "$(dirname "$(command -v codeql) (workflows/build-database.md:133)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(lipo -archs "$LIBTRACE" 2>/dev/null) (workflows/build-database.md:135)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(lipo -archs /usr/bin/make 2>/dev/null) (workflows/build-database.md:137)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/build-database.md:154)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: CMD (workflows/build-database.md:156)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (workflows/build-database.md:157)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: | tee (workflows/build-database.md:158)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(nproc) (workflows/build-database.md:169)
  • [ATR_2026_00012] (HIGH) Pattern detected: build.sh, `compile.sh (workflows/build-database.md:176)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/build-database.md:178)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: CMD (workflows/build-database.md:180)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (workflows/build-database.md:181)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: | tee (workflows/build-database.md:182)
  • [ATR_2026_00012] (HIGH) Pattern detected: `.** Replaces Methods 1 and 2 on affected system (workflows/build-database.md:187)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/build-database.md:197)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: root= (workflows/build-database.md:199)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/build-database.md:209)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: CMD (workflows/build-database.md:211)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (workflows/build-database.md:212)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: | tee (workflows/build-database.md:213)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/build-database.md:253)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(date -Iseconds) (workflows/build-database.md:255)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: -- " (workflows/build-database.md:258)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Report coverage is adequate, finish (workflows/create-data-extensions.md:22)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/create-data-extensions.md:35)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(dirname "$f") (workflows/create-data-extensions.md:39)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/create-data-extensions.md:67)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(dirname "$yml") (workflows/create-data-extensions.md:71)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${#FOUND_DBS[@]} (workflows/create-data-extensions.md:74)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${#FOUND_DBS[@]} (workflows/create-data-extensions.md:76)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${FOUND_DBS[0]} (workflows/create-data-extensions.md:77)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(codeql resolve database --format=json -- "$DB_NAME" | jq -r '.languages[0]') (workflows/create-data-extensions.md:84)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: Write tool to create $DIAG_DIR/list-sources.ql using the source template from [diagnostic-query-templates.md](../referenc (workflows/create-data-extensions.md:91)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: Write tool to create $DIAG_DIR/list-sinks.ql using the language-specific sink template from [diagnostic-query-templates.md](../referenc (workflows/create-data-extensions.md:95)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (workflows/create-data-extensions.md:97)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/create-data-extensions.md:101)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: -- " (workflows/create-data-extensions.md:102)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: -- " (workflows/create-data-extensions.md:103)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: -- " (workflows/create-data-extensions.md:105)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: -- " (workflows/create-data-extensions.md:106)
  • [PG_PII_SSN_HARVESTING] (CRITICAL) Pattern detected: request handlers | Custom request parsin (workflows/create-data-extensions.md:128)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (workflows/create-data-extensions.md:130)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: summaryModel (workflows/create-data-extensions.md:136)
  • [ATR_2026_00051] (HIGH) Pattern detected: For each (workflows/create-data-extensions.md:142)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (workflows/create-data-extensions.md:170)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Deploy (workflows/create-data-extensions.md:185)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (workflows/create-data-extensions.md:187)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (workflows/create-data-extensions.md:195)
  • [ATR_2026_00012] (HIGH) Pattern detected: $DIAG_DIR (not results/) sinc (workflows/create-data-extensions.md:202)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/create-data-extensions.md:204)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/create-data-extensions.md:212)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/create-data-extensions.md:223)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(python3 -c "import json; print(sum(len(r.get('results',[]) (workflows/create-data-extensions.md:224)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(python3 -c "import json; print(sum(len(r.get('results',[]) (workflows/create-data-extensions.md:225)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $((WITH_EXT - BASELINE) (workflows/create-data-extensions.md:226)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (workflows/create-data-extensions.md:252)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (workflows/run-analysis.md:3)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Mode | Description | Suite Referenc (workflows/run-analysis.md:9)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: security-and-quality + security-experimental suites | [run-all-suite.md](../referenc (workflows/run-analysis.md:11)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: defaultSuiteFile silently applies strict filters and can produce zero results. Always use an explicit suite referenc (workflows/run-analysis.md:14)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (workflows/run-analysis.md:26)
  • [ATR_2026_00012] (HIGH) Pattern detected: | User selects scan mode. Skip only if user said (workflows/run-analysis.md:34)
  • [ATR_2026_00001] (HIGH) Pattern detected: skip rules (workflows/run-analysis.md:38)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/run-analysis.md:53)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(dirname "$yml") (workflows/run-analysis.md:59)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${#FOUND_DBS[@]} (workflows/run-analysis.md:63)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(dirname "$yml") (workflows/run-analysis.md:65)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${#FOUND_DBS[@]} (workflows/run-analysis.md:69)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${#FOUND_DBS[@]} (workflows/run-analysis.md:72)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${FOUND_DBS[0]} (workflows/run-analysis.md:73)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(codeql resolve database --format=json -- "$DB_NAME" | jq -r '.languages[0]') (workflows/run-analysis.md:81)
  • [ATR_2026_00051] (HIGH) Pattern detected: For each (workflows/run-analysis.md:112)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (workflows/run-analysis.md:186)
  • [ATR_2026_00012] (HIGH) Pattern detected: $RAW_DIR/results.sarif exists and contains valid (workflows/run-analysis.md:189)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/run-analysis.md:195)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(date -Iseconds) (workflows/run-analysis.md:198)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: .qls suite using the template and script in [important-only-suite.md](../referenc (workflows/run-analysis.md:216)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: .qls suite using the template in [run-all-suite.md](../referenc (workflows/run-analysis.md:218)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/run-analysis.md:220)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/run-analysis.md:234)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: -- " (workflows/run-analysis.md:242)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/run-analysis.md:267)

❌ constant-time-analysis

  • Status: Failed
  • Findings: 58
  • Blocking: 48

Blocking issues:

  • [ATR_2026_00010] (CRITICAL) Pattern detected: DIVSS, DIVSD, SQRTSS, SQRTSD | Variable latenc (references/swift.md:66)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Conditional Branc (references/swift.md:67)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: /* handle error */ (references/swift.md:136)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/swift.md:155)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: privateKey (references/swift.md:159)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: privateKey (references/swift.md:160)
  • [ATR_2026_00113] (CRITICAL) Pattern detected: Keychain (references/swift.md:175)
  • [ATR_2026_00113] (CRITICAL) Pattern detected: Keychain (references/swift.md:176)
  • [ATR_2026_00235] (HIGH) Pattern detected: query: [ (references/swift.md:177)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/swift.md:233)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/swift.md:242)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/swift.md:251)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/swift.md:275)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/vm-compiled.md:39)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: idiv (references/vm-compiled.md:64)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: ddiv (references/vm-compiled.md:65)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Conditional Branc (references/vm-compiled.md:66)
  • [ATR_2026_00012] (HIGH) Pattern detected: div/rem opcodes) | Variable latenc (references/vm-compiled.md:74)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Conditional Branc (references/vm-compiled.md:75)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/vm-compiled.md:139)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/vm-compiled.md:151)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/vm-compiled.md:164)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/vm-compiled.md:175)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: `org.bounc (references/vm-compiled.md:191)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ` may have timing leaks; consider using Bounc (references/vm-compiled.md:193)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ` for best performanc (references/vm-compiled.md:197)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/vm-compiled.md:215)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/vm-compiled.md:231)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: sudo (references/vm-compiled.md:236)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/vm-compiled.md:246)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: bash (references/vm-compiled.md:247)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/vm-compiled.md:255)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/vm-compiled.md:267)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/vm-compiled.md:271)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: sudo (references/vm-compiled.md:276)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/vm-compiled.md:284)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/vm-compiled.md:285)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/vm-compiled.md:292)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: bash (references/vm-compiled.md:293)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/vm-compiled.md:299)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/vm-compiled.md:301)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/vm-compiled.md:306)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/vm-compiled.md:308)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/vm-compiled.md:315)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/vm-compiled.md:323)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: sudo (references/vm-compiled.md:328)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/vm-compiled.md:335)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: in Java andSequenc (references/vm-compiled.md:339)

✅ differential-review

  • Status: Passed
  • Findings: 3

✅ fp-check

  • Status: Passed
  • Findings: 5
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: trailofbits/skills is licensed CC-BY-SA-4.0 at the repository root; upstream does not embed a license field in per-skill SKILL.md frontmatter.)

✅ insecure-defaults

  • Status: Passed
  • Findings: 4
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: trailofbits/skills is licensed CC-BY-SA-4.0 at the repository root; upstream does not embed a license field in per-skill SKILL.md frontmatter.)

✅ property-based-testing

  • Status: Passed
  • Findings: 0

✅ sarif-parsing

  • Status: Passed
  • Findings: 7
  • Allowed (not blocking): 2
    • ALLOWED_TOOLS_WRITE_VIOLATION (Allowed: SKILL.md declares Bash in allowed-tools, which transitively permits filesystem writes (e.g. via redirection); the scanner flags bundled scripts as writing without recognizing Bash as the intended mechanism.)
    • MANIFEST_MISSING_LICENSE (Allowed: trailofbits/skills is licensed CC-BY-SA-4.0 at the repository root; upstream does not embed a license field in per-skill SKILL.md frontmatter.)

✅ semgrep

  • Status: Passed
  • Findings: 4

✅ semgrep-rule-creator

  • Status: Passed
  • Findings: 1

✅ semgrep-rule-variant-creator

  • Status: Passed
  • Findings: 1

❌ sharp-edges

  • Status: Failed
  • Findings: 512
  • Blocking: 344

Blocking issues:

  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/config-patterns.md:293)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/config-patterns.md:305)
  • [ATR_2026_00004] (CRITICAL) Pattern detected: ## Configuration (references/config-patterns.md:317)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: Constructor (references/config-patterns.md:333)
  • [ATR_2026_00085] (HIGH) Pattern detected: skip signature verification (references/crypto-apis.md:15)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/crypto-apis.md:28)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/crypto-apis.md:30)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/crypto-apis.md:37)
  • [ATR_2026_00012] (HIGH) Pattern detected: mode, cipher, algorithm, `hash (references/crypto-apis.md:41)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/crypto-apis.md:45)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // Valid (references/crypto-apis.md:47)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // Valid (references/crypto-apis.md:48)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // Valid (references/crypto-apis.md:49)
  • [ATR_2026_00012] (HIGH) Pattern detected: $password (references/crypto-apis.md:52)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: Encrypt (references/crypto-apis.md:63)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: Encrypt (references/crypto-apis.md:66)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: Encrypt (references/crypto-apis.md:67)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: Encrypt (references/crypto-apis.md:73)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: Encrypt (references/crypto-apis.md:76)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/crypto-apis.md:82)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/crypto-apis.md:84)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: \x00 (references/crypto-apis.md:88)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/crypto-apis.md:89)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/crypto-apis.md:90)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/crypto-apis.md:99)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/crypto-apis.md:111)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/crypto-apis.md:128)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/crypto-apis.md:141)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/crypto-apis.md:156)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/crypto-apis.md:169)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/crypto-apis.md:170)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/crypto-apis.md:171)
  • [ATR_2026_00021] (CRITICAL) Pattern detected: password = argon2.hash(password) (references/crypto-apis.md:175)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/crypto-apis.md:187)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: \0 (references/lang-c.md:34)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: truncate (references/lang-c.md:39)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: *printf family func (references/lang-c.md:62)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // Stack pointer invalid (references/lang-c.md:130)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: \n (references/lang-c.md:144)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // NOT async (references/lang-c.md:144)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // NOT async (references/lang-c.md:145)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // NOT async (references/lang-c.md:146)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-c.md:173)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-c.md:174)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // Expands to ((a++) * (a++)) - inc (references/lang-c.md:183)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: `strnc (references/lang-c.md:205)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:5)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // NullReferenc (references/lang-csharp.md:11)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:28)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: constructor (references/lang-csharp.md:43)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:47)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:61)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:73)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // Crash (references/lang-csharp.md:76)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:96)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (references/lang-csharp.md:102)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:104)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-csharp.md:107)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-csharp.md:111)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (references/lang-csharp.md:116)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (references/lang-csharp.md:117)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:124)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:137)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:144)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:161)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:177)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:183)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:199)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:206)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:221)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: /* managed cleanup */ (references/lang-csharp.md:232)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:241)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // Subscriber now rooted by Publish (references/lang-csharp.md:249)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:259)
  • [ATR_2026_00012] (HIGH) Pattern detected: new Connection[n] for structs | Invalid (references/lang-csharp.md:276)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: `async (references/lang-csharp.md:278)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: await before async (references/lang-csharp.md:280)
  • [ATR_2026_00203] (HIGH) Pattern detected: vulnerability pattern: (references/lang-go.md:10)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: math/bits overflow-checking func (references/lang-go.md:24)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: "admin" (references/lang-go.md:87)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: "ADMIN" (references/lang-go.md:90)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: "admin" (references/lang-go.md:91)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: "admin" (references/lang-go.md:94)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-go.md:115)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: `return &Conc (references/lang-go.md:264)
  • [ATR_2026_00012] (HIGH) Pattern detected: `json.Unmarsh (references/lang-go.md:265)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: `go func (references/lang-go.md:267)
  • [ATR_2026_00012] (HIGH) Pattern detected: _, err := instead of _, err = | Error sh (references/lang-go.md:270)
  • [ATR_2026_00012] (HIGH) Pattern detected: ObjectInputStream (references/lang-java.md:56)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: `Conc (references/lang-java.md:170)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: constructor (references/lang-java.md:209)
  • [ATR_2026_00161] (CRITICAL) Pattern detected: /etc/passwd (references/lang-java.md:232)
  • [ATR_2026_00002] (HIGH) Pattern detected: [] (references/lang-java.md:232)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: == with objects | Referenc (references/lang-java.md:252)
  • [ATR_2026_00012] (HIGH) Pattern detected: ObjectInputStream (references/lang-java.md:254)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: catch (references/lang-java.md:255)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: catch (Exception e) (references/lang-java.md:256)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: String += in loop | Performanc (references/lang-java.md:257)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ` sh (references/lang-java.md:260)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: `DocumentBuilderFactory.newInstanc (references/lang-java.md:263)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: "admin" (references/lang-javascript.md:15)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: "admin" (references/lang-javascript.md:18)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: proto (references/lang-javascript.md:30)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: proto (references/lang-javascript.md:34)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: {"proto (references/lang-javascript.md:34)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: constructor (references/lang-javascript.md:42)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: constructor (references/lang-javascript.md:43)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: proto (references/lang-javascript.md:49)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: ['proto (references/lang-javascript.md:49)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // NaN - radix 1 invalid (references/lang-javascript.md:86)
  • [ATR_2026_00140] (HIGH) Pattern detected: reverse (references/lang-javascript.md:127)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-javascript.md:158)
  • [ATR_2026_00110] (CRITICAL) Pattern detected: eval( (references/lang-javascript.md:159)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: constructor (references/lang-javascript.md:161)
  • [ATR_2026_00110] (CRITICAL) Pattern detected: new Function( (references/lang-javascript.md:162)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (references/lang-javascript.md:165)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${process.exit()} (references/lang-javascript.md:168)
  • [ATR_2026_00110] (CRITICAL) Pattern detected: eval( (references/lang-javascript.md:169)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: proto (references/lang-javascript.md:177)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: constructor (references/lang-javascript.md:177)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // Unhandled rejection - may crash (references/lang-javascript.md:195)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: proto (references/lang-javascript.md:220)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: proto (references/lang-javascript.md:221)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: {"proto (references/lang-javascript.md:221)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: proto (references/lang-javascript.md:222)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: proto (references/lang-javascript.md:226)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // Crash (references/lang-javascript.md:247)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: proto (references/lang-javascript.md:262)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: constructor (references/lang-javascript.md:262)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ` without radix | Parsing inconsistenc (references/lang-javascript.md:264)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: eval( (references/lang-javascript.md:265)
  • [ATR_2026_00012] (HIGH) Pattern detected: ! non-null assertion | Null pointer crash (references/lang-javascript.md:268)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: await before async (references/lang-javascript.md:269)
  • [ATR_2026_00085] (HIGH) Pattern detected: bypass null safety (references/lang-kotlin.md:11)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: admin = (references/lang-kotlin.md:80)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: constructor (references/lang-kotlin.md:83)
  • [ATR_2026_00112] (HIGH) Pattern detected: require(name.isNotBlank() (references/lang-kotlin.md:86)
  • [ATR_2026_00050] (HIGH) Pattern detected: while (true) (references/lang-kotlin.md:114)
  • [ATR_2026_00050] (HIGH) Pattern detected: while (true) (references/lang-kotlin.md:136)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-kotlin.md:235)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: suspend fun (references/lang-kotlin.md:260)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: catch (e: Exception) (references/lang-kotlin.md:261)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: terminal (references/lang-kotlin.md:264)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Extension func (references/lang-kotlin.md:265)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:5)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:23)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:30)
  • [ATR_2026_00012] (HIGH) Pattern detected: $stored_password (references/lang-php.md:32)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:44)
  • [ATR_2026_00012] (HIGH) Pattern detected: $stored_password (references/lang-php.md:46)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:53)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: $$name (references/lang-php.md:56)
  • [ATR_2026_00012] (HIGH) Pattern detected: Admin=true (references/lang-php.md:61)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:72)
  • [ATR_2026_00012] (HIGH) Pattern detected: unserialize( (references/lang-php.md:74)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-php.md:79)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:88)
  • [ATR_2026_00012] (HIGH) Pattern detected: unserialize( (references/lang-php.md:89)
  • [ATR_2026_00012] (HIGH) Pattern detected: unserialize( (references/lang-php.md:90)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:95)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-php.md:96)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (references/lang-php.md:99)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:110)
  • [ATR_2026_00161] (CRITICAL) Pattern detected: /etc/passwd (references/lang-php.md:114)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: null byte (references/lang-php.md:115)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: base64 (references/lang-php.md:117)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: shell (references/lang-php.md:122)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:129)
  • [ATR_2026_00065] (HIGH) Pattern detected: grantAccess (references/lang-php.md:142)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:148)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Shell (references/lang-php.md:162)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:164)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: shell (references/lang-php.md:165)
  • [ATR_2026_00095] (CRITICAL) Pattern detected: exec( (references/lang-php.md:167)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: ; rm (references/lang-php.md:170)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: shell (references/lang-php.md:173)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:174)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: shell (references/lang-php.md:175)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: shell (references/lang-php.md:178)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:182)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:199)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:214)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:226)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: $$var (references/lang-php.md:238)
  • [ATR_2026_00012] (HIGH) Pattern detected: unserialize( (references/lang-php.md:239)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-php.md:240)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: `inc (references/lang-php.md:241)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-php.md:242)
  • [ATR_2026_00012] (HIGH) Pattern detected: "0e\d+" == "0e\d+" | Magic hash (references/lang-php.md:243)
  • [ATR_2026_00012] (HIGH) Pattern detected: `session_id (references/lang-php.md:244)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:5)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:24)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (references/lang-python.md:32)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:34)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-python.md:35)
  • [MDBLOCK_PYTHON_EVAL_EXEC] (HIGH) Code block in references/lang-python.md at line 35 contains potentially dangerous Python code. (references/lang-python.md:35)
  • [ATR_2026_00110] (CRITICAL) Pattern detected: eval( (references/lang-python.md:36)
  • [ATR_2026_00095] (CRITICAL) Pattern detected: exec( (references/lang-python.md:37)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-python.md:39)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-python.md:40)
  • [ATR_2026_00095] (CRITICAL) Pattern detected: exec( (references/lang-python.md:41)
  • [ATR_2026_00110] (CRITICAL) Pattern detected: eval( (references/lang-python.md:44)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: import (references/lang-python.md:48)
  • [ATR_2026_00112] (HIGH) Pattern detected: importlib.import_module( (references/lang-python.md:49)
  • [ATR_2026_00398] (CRITICAL) Pattern detected: pickle.loads( (references/lang-python.md:53)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-python.md:54)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: subprocess.Popen(shell=True) (references/lang-python.md:55)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:59)
  • [PG_PII_SSN_HARVESTING] (CRITICAL) Pattern detected: Capture by value usin (references/lang-python.md:72)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:73)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:83)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:111)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:127)
  • [ATR_2026_00085] (HIGH) Pattern detected: pass # Security check (references/lang-python.md:144)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:156)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:177)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: 'admin' (references/lang-python.md:184)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: 'admin' (references/lang-python.md:185)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: init (references/lang-python.md:188)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:189)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: init (references/lang-python.md:191)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:197)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: class (references/lang-python.md:199)
  • [MDBLOCK_PYTHON_EVAL_EXEC] (HIGH) Code block in references/lang-python.md at line 202 contains potentially dangerous Python code. (references/lang-python.md:202)
  • [ATR_2026_00110] (CRITICAL) Pattern detected: eval( (references/lang-python.md:203)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:213)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:229)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Subprocess (references/lang-python.md:238)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:240)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: shell (references/lang-python.md:241)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: subprocess (references/lang-python.md:242)
  • [ATR_2026_00095] (CRITICAL) Pattern detected: subprocess.run (references/lang-python.md:243)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: ; rm (references/lang-python.md:244)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: shell (references/lang-python.md:246)
  • [ATR_2026_00095] (CRITICAL) Pattern detected: subprocess.run (references/lang-python.md:247)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:252)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: eval( (references/lang-python.md:266)
  • [ATR_2026_00398] (CRITICAL) Pattern detected: pickle.loads( (references/lang-python.md:267)
  • [ATR_2026_00012] (HIGH) Pattern detected: import x where x.py exists locally | Import sh (references/lang-python.md:270)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: subprocess.*(..., shell=True) (references/lang-python.md:274)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (references/lang-ruby.md:3)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:5)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-ruby.md:6)
  • [ATR_2026_00110] (CRITICAL) Pattern detected: eval( (references/lang-ruby.md:7)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: #{user_input} (references/lang-ruby.md:18)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-ruby.md:22)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:26)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:34)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:53)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:60)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: "superuser" (references/lang-ruby.md:63)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:70)
  • [ATR_2026_00112] (HIGH) Pattern detected: require(:user) (references/lang-ruby.md:72)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:80)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: #{params[:name]} (references/lang-ruby.md:82)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: #{params[:name]} (references/lang-ruby.md:87)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ; DROP (references/lang-ruby.md:90)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:94)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:102)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `ls (references/lang-ruby.md:104)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: #{params[:dir]} (references/lang-ruby.md:105)
  • [ATR_2026_00095] (CRITICAL) Pattern detected: exec( (references/lang-ruby.md:106)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: #{params[:dir]} (references/lang-ruby.md:107)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: ; rm (references/lang-ruby.md:109)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:113)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:120)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: \n (references/lang-ruby.md:129)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:133)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: "admin" (references/lang-ruby.md:134)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:140)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:152)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:167)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:179)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:188)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: whoami (references/lang-ruby.md:193)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (references/lang-ruby.md:194)
  • [ATR_2026_00110] (CRITICAL) Pattern detected: eval( (references/lang-ruby.md:198)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:203)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: #{params[:filename]} (references/lang-ruby.md:205)
  • [ATR_2026_00161] (CRITICAL) Pattern detected: /etc/passwd (references/lang-ruby.md:206)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: #{params[:cmd]} (references/lang-ruby.md:209)
  • [ATR_2026_00012] (HIGH) Pattern detected: |whoami") # Returns output of whoami (references/lang-ruby.md:212)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:216)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: upload (references/lang-ruby.md:217)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: upload (references/lang-ruby.md:218)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:223)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:240)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:253)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: eval( (references/lang-ruby.md:262)
  • [ATR_2026_00012] (HIGH) Pattern detected: `...#{`, `system (references/lang-ruby.md:268)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-ruby.md:272)
  • [ATR_2026_00012] (HIGH) Pattern detected: unsafe block sh (references/lang-rust.md:56)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // Vec's memory leaked, but ptr still valid (references/lang-rust.md:79)
  • [ATR_2026_00001] (HIGH) Pattern detected: Drop Order (references/lang-rust.md:218)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: `unsafe impl Send/Sync (references/lang-rust.md:269)
  • [ATR_2026_00276] (HIGH) Pattern detected: ‍ (references/lang-swift.md:96)
  • [ATR_2026_00012] (HIGH) Pattern detected: ! force unwrap | Crash (references/lang-swift.md:278)
  • [ATR_2026_00012] (HIGH) Pattern detected: as! force cast | Crash (references/lang-swift.md:279)
  • [ATR_2026_00012] (HIGH) Pattern detected: try! | Crash (references/lang-swift.md:280)
  • [ATR_2026_00012] (HIGH) Pattern detected: String! IUO types | Deferred crash (references/lang-swift.md:282)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: \0 (references/language-specific.md:36)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: "admin" (references/language-specific.md:117)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: "ADMIN" (references/language-specific.md:120)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: "admin" (references/language-specific.md:121)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: "admin" (references/language-specific.md:124)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/language-specific.md:132)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/language-specific.md:261)
  • [ATR_2026_00012] (HIGH) Pattern detected: ObjectInputStream (references/language-specific.md:262)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (references/language-specific.md:263)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/language-specific.md:266)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/language-specific.md:318)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // NullReferenc (references/language-specific.md:325)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/language-specific.md:330)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/language-specific.md:343)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/language-specific.md:361)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/language-specific.md:379)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: $$name (references/language-specific.md:382)
  • [ATR_2026_00012] (HIGH) Pattern detected: Admin=true (references/language-specific.md:386)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/language-specific.md:391)
  • [ATR_2026_00012] (HIGH) Pattern detected: unserialize( (references/language-specific.md:393)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: proto (references/language-specific.md:422)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: proto (references/language-specific.md:426)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: {"proto (references/language-specific.md:426)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/language-specific.md:463)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/language-specific.md:482)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/language-specific.md:483)
  • [MDBLOCK_PYTHON_EVAL_EXEC] (HIGH) Code block in references/language-specific.md at line 483 contains potentially dangerous Python code. (references/language-specific.md:483)
  • [ATR_2026_00110] (CRITICAL) Pattern detected: eval( (references/language-specific.md:484)
  • [ATR_2026_00095] (CRITICAL) Pattern detected: exec( (references/language-specific.md:485)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/language-specific.md:486)
  • [ATR_2026_00110] (CRITICAL) Pattern detected: eval( (references/language-specific.md:489)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/language-specific.md:494)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/language-specific.md:512)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (references/language-specific.md:536)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/language-specific.md:538)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/language-specific.md:539)
  • [ATR_2026_00110] (CRITICAL) Pattern detected: eval( (references/language-specific.md:540)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/language-specific.md:551)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/language-specific.md:564)
  • [ATR_2026_00112] (HIGH) Pattern detected: require(:user) (references/language-specific.md:569)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Rust | Debug/release overflow differenc (references/language-specific.md:580)
  • [ATR_2026_00012] (HIGH) Pattern detected: unserialize( (references/language-specific.md:585)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/language-specific.md:587)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Ruby | eval (references/language-specific.md:588)

Allowlisted (not blocking):

  • MANIFEST_MISSING_LICENSE (Allowed: trailofbits/skills is licensed CC-BY-SA-4.0 at the repository root; upstream does not embed a license field in per-skill SKILL.md frontmatter.)

✅ supply-chain-risk-auditor

  • Status: Passed
  • Findings: 3

✅ variant-analysis

  • Status: Passed
  • Findings: 0

❌ yara-rule-authoring

  • Status: Failed
  • Findings: 245
  • Blocking: 116

Blocking issues:

  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/strings.md:119)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/strings.md:133)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: powershell (references/strings.md:134)
  • [ATR_2026_00096] (CRITICAL) Pattern detected: Beacon (references/strings.md:149)
  • [ATR_2026_00161] (CRITICAL) Pattern detected: .env (references/strings.md:167)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: base64 (references/strings.md:176)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/strings.md:178)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: base64 (references/strings.md:179)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: exfil (references/strings.md:180)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: exfil (references/strings.md:183)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/strings.md:191)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/strings.md:192)
  • [ATR_2026_00096] (CRITICAL) Pattern detected: beacon (references/strings.md:246)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/strings.md:269)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: btoa (references/strings.md:297)
  • [ATR_2026_00064] (HIGH) Pattern detected: at 0 (references/strings.md:309)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: constructor (references/strings.md:315)
  • [ATR_2026_00064] (HIGH) Pattern detected: at 0 (references/strings.md:318)
  • [ATR_2026_00012] (HIGH) Pattern detected: filesize < 1MB constraint plus thresh (references/strings.md:322)
  • [ATR_2026_00202] (HIGH) Pattern detected: \x48\x65\x6c\x6c\x6f (references/strings.md:335)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: Exfil (references/strings.md:384)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: webhook (references/strings.md:389)
  • [ATR_2026_00161] (CRITICAL) Pattern detected: id_rsa (references/strings.md:408)
  • [ATR_2026_00012] (HIGH) Pattern detected: |readFileSync (references/strings.md:409)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: webhook (references/strings.md:410)
  • [ATR_2026_00161] (CRITICAL) Pattern detected: id_rsa (references/strings.md:425)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: .aws/credentials (references/strings.md:426)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: .env (references/strings.md:427)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: SHELL (references/style-guide.md:13)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Target OS/environment | Win, Lnx, Mac, Android (references/style-guide.md:14)
  • [ATR_2026_00096] (CRITICAL) Pattern detected: CobaltStrike (references/style-guide.md:15)
  • [ATR_2026_00096] (CRITICAL) Pattern detected: Beacon (references/style-guide.md:16)
  • [ATR_2026_00096] (CRITICAL) Pattern detected: Cobalt Strike (references/style-guide.md:24)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: SHELL (references/style-guide.md:25)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: shell (references/style-guide.md:26)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: SUSP_ | Suspicious | Lower confidenc (references/style-guide.md:28)
  • [ATR_2026_00096] (CRITICAL) Pattern detected: Command and control (references/style-guide.md:45)
  • [ATR_2026_00012] (HIGH) Pattern detected: Android_ | Android (references/style-guide.md:54)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: PowerShell (references/style-guide.md:59)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: SHELL (references/style-guide.md:70)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: XOR (references/style-guide.md:105)
  • [ATR_2026_00096] (CRITICAL) Pattern detected: CobaltStrike (references/style-guide.md:106)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: base64 (references/style-guide.md:107)
  • [ATR_2026_00012] (HIGH) Pattern detected: | 0-25 | Low confidenc (references/style-guide.md:144)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Add description, author, date, referenc (references/style-guide.md:168)
  • [ATR_2026_00012] (HIGH) Pattern detected: | E002 | Error | Invalid (references/style-guide.md:169)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/style-guide.md:194)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: Base64 (references/style-guide.md:196)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: and instead of implicit conjunc (references/style-guide.md:201)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Deploy (references/testing.md:47)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:55)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Popular npm packages (lodash (references/testing.md:80)
  • [ATR_2026_00012] (HIGH) Pattern detected: | JavaScript | lodash (references/testing.md:95)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: Upload (references/testing.md:119)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (references/testing.md:128)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:135)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (references/testing.md:145)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:147)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/testing.md:172)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:179)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:197)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:204)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:212)
  • [PG_PII_SSN_HARVESTING] (CRITICAL) Pattern detected: Store usin (references/testing.md:214)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:218)
  • [ATR_2026_00004] (CRITICAL) Pattern detected: # System (references/testing.md:220)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: compress (references/testing.md:227)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:231)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:241)
  • [ATR_2026_00012] (HIGH) Pattern detected: | PE files | Chrome.exe, Firefox.exe, python (references/testing.md:255)
  • [ATR_2026_00012] (HIGH) Pattern detected: | npm packages | lodash (references/testing.md:256)
  • [ATR_2026_00012] (HIGH) Pattern detected: | macOS | /Applications/* from fresh (references/testing.md:258)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Android (references/testing.md:259)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:265)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:290)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/testing.md:299)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: npm search --searchlimit=1000 | Avoid FPs on popular dependenc (references/testing.md:347)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Known malicious packages | [npm-sh (references/testing.md:349)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:356)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Incident | Key Indicators | Referenc (references/testing.md:373)
  • [ATR_2026_00012] (HIGH) Pattern detected: | os-info-checker-es6 | Variation selectors, eval (references/testing.md:376)
  • [ATR_2026_00012] (HIGH) Pattern detected: | event-stream | Flatmap dependenc (references/testing.md:377)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (workflows/rule-development.md:3)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Deploy (workflows/rule-development.md:29)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Sample Count | Confidenc (workflows/rule-development.md:39)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:58)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:78)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ` sh (workflows/rule-development.md:92)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:105)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: \R (workflows/rule-development.md:124)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:131)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:150)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: \n (workflows/rule-development.md:163)
  • [ATR_2026_00096] (CRITICAL) Pattern detected: beacon (workflows/rule-development.md:171)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: \R (workflows/rule-development.md:197)
  • [ATR_2026_00096] (CRITICAL) Pattern detected: beacon (workflows/rule-development.md:203)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: author inc (workflows/rule-development.md:228)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: `referenc (workflows/rule-development.md:229)
  • [ATR_2026_00012] (HIGH) Pattern detected: `hash (workflows/rule-development.md:231)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: score reflects confidenc (workflows/rule-development.md:232)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:268)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:282)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:292)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:301)
  • [ATR_2026_00012] (HIGH) Pattern detected: | JavaScript | lodash (workflows/rule-development.md:325)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Android (workflows/rule-development.md:328)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:332)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: Upload (workflows/rule-development.md:342)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (workflows/rule-development.md:351)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:358)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Deploy (workflows/rule-development.md:371)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:387)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (workflows/rule-development.md:402)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Performanc (workflows/rule-development.md:443)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:464)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Deploy (workflows/rule-development.md:490)

✅ zeroize-audit

  • Status: Passed
  • Findings: 6
  • Allowed (not blocking): 2
    • BEHAVIOR_EVAL_SUBPROCESS (Allowed: FP: matched list-form subprocess.run() calls in tools/generate_poc.py (invokes sys.executable + a local script with fixed flag names) and tools/scripts/check_rust_asm.py (invokes the fixed command 'rustfilt' with a timeout, input piped via stdin). Neither uses shell=True or attacker-controlled arguments.)
    • BEHAVIOR_EVAL_SUBPROCESS (Allowed: FP: matched list-form subprocess.run() calls in tools/generate_poc.py (invokes sys.executable + a local script with fixed flag names) and tools/scripts/check_rust_asm.py (invokes the fixed command 'rustfilt' with a timeout, input piped via stdin). Neither uses shell=True or attacker-controlled arguments.)

Summary: Scanned 16 skill(s), found 647 blocking issue(s).

⚠️ Action Required: Review the blocking findings. Add a justified entry to the skill's security.allowed_issues[] in its spec.yaml if the finding is a false positive.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants