Back to Security Audit Pipeline

Security Report

Security Audit Pipeline

v1.0.13 v1.0.8 v1.0.7 v1.0.6 v1.0.2
Pass
Version v1.0.13 Scanned 11 May 2026 at 06:35 Scanner v2.8.0

Summary

Detected

  • Services:
  • Permissions: shell:execute
  • Data Handling: pii

Undeclared

All items declared

Warnings

No warnings

Findings (12)

Data Handling

info pii declared
pii-data-reference
prompts/scan-vulnerabilities.md:55

"user data"

This content handles personally identifiable information (names, emails, addresses). Declare pii in requires.data_handling so users are informed before import.

info pii declared
pii-explicit-mention
prompts/scan-vulnerabilities.md:73

"PII"

This content handles personally identifiable information (names, emails, addresses). Declare pii in requires.data_handling so users are informed before import.

Compliance

info GDPR undeclared
compliance-gdpr
prompts/write-executive-report.md:75

"Note any findings relevant to compliance frameworks (SOC 2, GDPR, PCI-DSS, HIPAA, ISO 27001). State "

This content references a regulatory or compliance framework. This is informational — no action needed unless the skrpt processes regulated data.

info HIPAA undeclared
compliance-hipaa
prompts/write-executive-report.md:75

"Note any findings relevant to compliance frameworks (SOC 2, GDPR, PCI-DSS, HIPAA, ISO 27001). State "

This content references a regulatory or compliance framework. This is informational — no action needed unless the skrpt processes regulated data.

info SOC-2 undeclared
compliance-soc2
prompts/write-executive-report.md:75

"Note any findings relevant to compliance frameworks (SOC 2, GDPR, PCI-DSS, HIPAA, ISO 27001). State "

This content references a regulatory or compliance framework. This is informational — no action needed unless the skrpt processes regulated data.

info PCI-DSS undeclared
compliance-pci-dss
prompts/write-executive-report.md:75

"Note any findings relevant to compliance frameworks (SOC 2, GDPR, PCI-DSS, HIPAA, ISO 27001). State "

This content references a regulatory or compliance framework. This is informational — no action needed unless the skrpt processes regulated data.

info GDPR undeclared
compliance-gdpr
skills/executive-reporting.md:46

"5. **Compliance Implications** — any findings that may affect compliance with relevant frameworks (S"

This content references a regulatory or compliance framework. This is informational — no action needed unless the skrpt processes regulated data.

info HIPAA undeclared
compliance-hipaa
skills/executive-reporting.md:46

"5. **Compliance Implications** — any findings that may affect compliance with relevant frameworks (S"

This content references a regulatory or compliance framework. This is informational — no action needed unless the skrpt processes regulated data.

info SOC-2 undeclared
compliance-soc2
skills/executive-reporting.md:46

"5. **Compliance Implications** — any findings that may affect compliance with relevant frameworks (S"

This content references a regulatory or compliance framework. This is informational — no action needed unless the skrpt processes regulated data.

info PCI-DSS undeclared
compliance-pci-dss
skills/executive-reporting.md:46

"5. **Compliance Implications** — any findings that may affect compliance with relevant frameworks (S"

This content references a regulatory or compliance framework. This is informational — no action needed unless the skrpt processes regulated data.

Permissions

info shell:execute declared
shell-exec-call
skills/severity-assessment.md:18

"System ("

This content references shell command execution. If intentional, declare shell:execute in requires.permissions. This is the highest risk permission.

info shell:execute declared
shell-module-import
skills/vulnerability-scanning.md:27

"child_process"

This content references shell command execution. If intentional, declare shell:execute in requires.permissions. This is the highest risk permission.