chore(deps): update trailofbits/skills digest to cfe5d7b#699

Open
renovate[bot] wants to merge 2 commits into main from renovate/trailofbits-skills-digest

@renovate renovate Bot commented Jul 3, 2026

This PR contains the following updates:

| Package | Update | Change |
| --- | --- | --- |
| trailofbits/skills | digest | a56045e → cfe5d7b |

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies label Jul 3, 2026

toolhive-release-app Bot commented Jul 3, 2026

🛡️ Skill Security Scan Results

✅ agentic-actions-auditor

  • Status: Passed
  • Findings: 1

❌ codeql

  • Status: Failed
  • Findings: 296
  • Blocking: 154

Blocking issues:

  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/performance-tuning.md:97)
  • [ATR_2026_00012] (HIGH) Pattern detected: | OOM during analysis | Not enough RAM | Inc (references/performance-tuning.md:106)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/performance-tuning.md:108)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: --timeout and check `--eval (references/performance-tuning.md:110)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/quality-assessment.md:7)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: -- " (references/quality-assessment.md:11)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: $(python (references/quality-assessment.md:12)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(unzip -Z1 "$DB_NAME/src.zip" 2>/dev/null | wc -l) (references/quality-assessment.md:23)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/quality-assessment.md:28)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${EXTRACTOR_ERRORS:-0} (references/quality-assessment.md:29)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(codeql database export-diagnostics --format=text -- "$DB_NAME" 2>/dev/null || true) (references/quality-assessment.md:33)
  • [ATR_2026_00012] (HIGH) Pattern detected: src.zip) includes system (references/quality-assessment.md:48)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/quality-assessment.md:50)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(python3 -c "print(f'{$EXTRACTOR_ERRORS/$PROJECT_SRC_COUNT*100:.1f}%') (references/quality-assessment.md:70)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/quality-assessment.md:79)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: codeql-database.yml | true | false (inc (references/quality-assessment.md:100)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/quality-assessment.md:116)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/quality-assessment.md:121)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: root= (references/quality-assessment.md:122)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/quality-assessment.md:128)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/quality-assessment.md:130)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/quality-assessment.md:139)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/quality-assessment.md:152)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: | tee (references/quality-assessment.md:153)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/quality-assessment.md:158)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: security-and-quality and security-experimental are complementary. security-and-quality excludes experimental/ query paths. security-experimental inc (references/ruleset-catalog.md:11)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: python (references/ruleset-catalog.md:15)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: trailofbits/go-queries | Go | Concurrenc (references/ruleset-catalog.md:24)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/ruleset-catalog.md:28)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/ruleset-catalog.md:49)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/ruleset-catalog.md:59)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/run-all-suite.md:3)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: security-experimental = stable security + experimental security (re-inc (references/run-all-suite.md:11)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/run-all-suite.md:46)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${CODEQL_LANG} (references/run-all-suite.md:55)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${CODEQL_LANG} (references/run-all-suite.md:56)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${CODEQL_LANG} (references/run-all-suite.md:57)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${CODEQL_LANG} (references/run-all-suite.md:58)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${PACK} (references/run-all-suite.md:65)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${CODEQL_LANG:?ERROR: CODEQL_LANG must be set before generating suite} (references/run-all-suite.md:84)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${SUITE_FILE:?ERROR: SUITE_FILE must be set} (references/run-all-suite.md:85)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/sarif-processing.md:13)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/sarif-processing.md:19)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/sarif-processing.md:31)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/sarif-processing.md:46)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: security-severity < 6.0 from the report. The suite includes all medium-precision security queries to let CodeQL eval (references/sarif-processing.md:53)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/sarif-processing.md:57)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Model | Sources Inc (references/threat-models.md:7)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: environment (references/threat-models.md:11)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: upload (references/threat-models.md:13)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/threat-models.md:23)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: $OUTPUT_DIR from the parent skill (resolved onc (workflows/build-database.md:44)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/build-database.md:46)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/build-database.md:56)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(date -Iseconds) (workflows/build-database.md:59)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/build-database.md:65)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(date -Iseconds) (workflows/build-database.md:66)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(date -Iseconds) (workflows/build-database.md:67)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(date -Iseconds) (workflows/build-database.md:68)
  • [ATR_2026_00012] (HIGH) Pattern detected: CODEQL_LANG variable set to a valid (workflows/build-database.md:78)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/build-database.md:82)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: python (workflows/build-database.md:90)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: ruby (workflows/build-database.md:93)
  • [ATR_2026_00012] (HIGH) Pattern detected: | C# | `csh (workflows/build-database.md:96)
  • [ATR_2026_00012] (HIGH) Pattern detected: withpaths-ignoreentries fornode (workflows/build-database.md:104)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: -- " (workflows/build-database.md:111)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/build-database.md:115)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: CMD (workflows/build-database.md:117)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (workflows/build-database.md:118)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: | tee (workflows/build-database.md:119)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/build-database.md:130)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(uname -s) (workflows/build-database.md:132)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(find "$(dirname "$(command -v codeql) (workflows/build-database.md:133)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(lipo -archs "$LIBTRACE" 2>/dev/null) (workflows/build-database.md:135)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(lipo -archs /usr/bin/make 2>/dev/null) (workflows/build-database.md:137)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/build-database.md:154)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: CMD (workflows/build-database.md:156)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (workflows/build-database.md:157)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: | tee (workflows/build-database.md:158)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(nproc) (workflows/build-database.md:169)
  • [ATR_2026_00012] (HIGH) Pattern detected: build.sh, `compile.sh (workflows/build-database.md:176)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/build-database.md:178)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: CMD (workflows/build-database.md:180)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (workflows/build-database.md:181)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: | tee (workflows/build-database.md:182)
  • [ATR_2026_00012] (HIGH) Pattern detected: `.** Replaces Methods 1 and 2 on affected system (workflows/build-database.md:187)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/build-database.md:197)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: root= (workflows/build-database.md:199)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/build-database.md:209)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: CMD (workflows/build-database.md:211)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (workflows/build-database.md:212)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: | tee (workflows/build-database.md:213)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/build-database.md:253)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(date -Iseconds) (workflows/build-database.md:255)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: -- " (workflows/build-database.md:258)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Report coverage is adequate, finish (workflows/create-data-extensions.md:22)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/create-data-extensions.md:35)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(dirname "$f") (workflows/create-data-extensions.md:39)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/create-data-extensions.md:67)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(dirname "$yml") (workflows/create-data-extensions.md:71)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${#FOUND_DBS[@]} (workflows/create-data-extensions.md:74)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${#FOUND_DBS[@]} (workflows/create-data-extensions.md:76)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${FOUND_DBS[0]} (workflows/create-data-extensions.md:77)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(codeql resolve database --format=json -- "$DB_NAME" | jq -r '.languages[0]') (workflows/create-data-extensions.md:84)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: Write tool to create $DIAG_DIR/list-sources.ql using the source template from [diagnostic-query-templates.md](../referenc (workflows/create-data-extensions.md:91)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: Write tool to create $DIAG_DIR/list-sinks.ql using the language-specific sink template from [diagnostic-query-templates.md](../referenc (workflows/create-data-extensions.md:95)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (workflows/create-data-extensions.md:97)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/create-data-extensions.md:101)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: -- " (workflows/create-data-extensions.md:102)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: -- " (workflows/create-data-extensions.md:103)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: -- " (workflows/create-data-extensions.md:105)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: -- " (workflows/create-data-extensions.md:106)
  • [PG_PII_SSN_HARVESTING] (CRITICAL) Pattern detected: request handlers | Custom request parsin (workflows/create-data-extensions.md:128)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (workflows/create-data-extensions.md:130)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: summaryModel (workflows/create-data-extensions.md:136)
  • [ATR_2026_00051] (HIGH) Pattern detected: For each (workflows/create-data-extensions.md:142)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (workflows/create-data-extensions.md:170)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Deploy (workflows/create-data-extensions.md:185)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (workflows/create-data-extensions.md:187)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (workflows/create-data-extensions.md:195)
  • [ATR_2026_00012] (HIGH) Pattern detected: $DIAG_DIR (not results/) sinc (workflows/create-data-extensions.md:202)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/create-data-extensions.md:204)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/create-data-extensions.md:212)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/create-data-extensions.md:223)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(python3 -c "import json; print(sum(len(r.get('results',[]) (workflows/create-data-extensions.md:224)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(python3 -c "import json; print(sum(len(r.get('results',[]) (workflows/create-data-extensions.md:225)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $((WITH_EXT - BASELINE) (workflows/create-data-extensions.md:226)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (workflows/create-data-extensions.md:252)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (workflows/run-analysis.md:3)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Mode | Description | Suite Referenc (workflows/run-analysis.md:9)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: security-and-quality + security-experimental suites | [run-all-suite.md](../referenc (workflows/run-analysis.md:11)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: defaultSuiteFile silently applies strict filters and can produce zero results. Always use an explicit suite referenc (workflows/run-analysis.md:14)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (workflows/run-analysis.md:26)
  • [ATR_2026_00012] (HIGH) Pattern detected: | User selects scan mode. Skip only if user said (workflows/run-analysis.md:34)
  • [ATR_2026_00001] (HIGH) Pattern detected: skip rules (workflows/run-analysis.md:38)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/run-analysis.md:53)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(dirname "$yml") (workflows/run-analysis.md:59)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${#FOUND_DBS[@]} (workflows/run-analysis.md:63)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(dirname "$yml") (workflows/run-analysis.md:65)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${#FOUND_DBS[@]} (workflows/run-analysis.md:69)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${#FOUND_DBS[@]} (workflows/run-analysis.md:72)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${FOUND_DBS[0]} (workflows/run-analysis.md:73)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(codeql resolve database --format=json -- "$DB_NAME" | jq -r '.languages[0]') (workflows/run-analysis.md:81)
  • [ATR_2026_00051] (HIGH) Pattern detected: For each (workflows/run-analysis.md:112)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (workflows/run-analysis.md:186)
  • [ATR_2026_00012] (HIGH) Pattern detected: $RAW_DIR/results.sarif exists and contains valid (workflows/run-analysis.md:189)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/run-analysis.md:195)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(date -Iseconds) (workflows/run-analysis.md:198)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: .qls suite using the template and script in [important-only-suite.md](../referenc (workflows/run-analysis.md:216)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: .qls suite using the template in [run-all-suite.md](../referenc (workflows/run-analysis.md:218)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/run-analysis.md:220)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/run-analysis.md:234)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: -- " (workflows/run-analysis.md:242)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/run-analysis.md:267)

❌ constant-time-analysis

  • Status: Failed
  • Findings: 253
  • Blocking: 207

Blocking issues:

  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (SKILL.md:3)
  • [ATR_2026_00090] (HIGH) Pattern detected: leak secret (SKILL.md:3)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (SKILL.md:28)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (SKILL.md:31)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: .c, .h, .cpp, .cc, .hpp | [references/compiled.md](referenc (SKILL.md:46)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: .go | [references/compiled.md](referenc (SKILL.md:47)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: .rs | [references/compiled.md](referenc (SKILL.md:48)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: .swift | [references/swift.md](referenc (SKILL.md:49)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: .java | [references/vm-compiled.md](referenc (SKILL.md:50)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: .kt, .kts | [references/kotlin.md](referenc (SKILL.md:51)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: .cs | [references/vm-compiled.md](referenc (SKILL.md:52)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: .php | [references/php.md](referenc (SKILL.md:53)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: .js, .mjs, .cjs | [references/javascript.md](referenc (SKILL.md:54)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: .ts, .tsx | [references/javascript.md](referenc (SKILL.md:55)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: .py | [references/python.md](references/python (SKILL.md:56)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: .rb | [references/ruby.md](references/ruby (SKILL.md:57)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (SKILL.md:61)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (SKILL.md:77)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (SKILL.md:89)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (SKILL.md:104)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: `kotlinc (SKILL.md:124)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (SKILL.md:125)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (SKILL.md:133)
  • [ATR_2026_00140] (HIGH) Pattern detected: inverse (SKILL.md:147)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Branc (SKILL.md:148)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (SKILL.md:162)
  • [ATR_2026_00051] (HIGH) Pattern detected: For each (SKILL.md:169)
  • [ATR_2026_00051] (HIGH) Pattern detected: for each (SKILL.md:185)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Can an attacker influenc (SKILL.md:194)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/compiled.md:7)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (references/compiled.md:97)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: --warnings and review each branc (references/compiled.md:99)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ` env (references/compiled.md:112)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/javascript.md:12)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/javascript.md:23)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/javascript.md:35)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/javascript.md:36)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/javascript.md:37)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/javascript.md:38)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Func (references/javascript.md:42)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ` | Variable latenc (references/javascript.md:44)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ` | Variable latenc (references/javascript.md:45)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: eval() (references/javascript.md:47)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Func (references/javascript.md:51)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: `inc (references/javascript.md:55)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: btoa (references/javascript.md:60)
  • [ATR_2026_00140] (HIGH) Pattern detected: inverse (references/javascript.md:96)
  • [ATR_2026_00140] (HIGH) Pattern detected: inverse (references/javascript.md:97)
  • [ATR_2026_00140] (HIGH) Pattern detected: inverse (references/javascript.md:98)
  • [ATR_2026_00012] (HIGH) Pattern detected: `node (references/javascript.md:115)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/kotlin.md:33)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: idiv (references/kotlin.md:55)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: ddiv (references/kotlin.md:56)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Conditional Branc (references/kotlin.md:57)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: ENCRYPT (references/kotlin.md:131)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: Encrypt (references/kotlin.md:134)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/kotlin.md:203)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/kotlin.md:208)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: sudo (references/kotlin.md:209)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/kotlin.md:213)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/kotlin.md:231)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: == compares referenc (references/kotlin.md:240)
  • [ATR_2026_00002] (HIGH) Pattern detected: [Android Keystore System] (references/kotlin.md:251)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/php.md:13)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(curl -s https://pecl.php.net/package/vld | grep -oP 'vld-\K[0-9.]+(?=.tgz) (references/php.md:15)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${VLD_VERSION} (references/php.md:19)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${VLD_VERSION} (references/php.md:22)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/php.md:27)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: sudo (references/php.md:34)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(php --ini | grep "Loaded Configuration" | cut -d: -f2 | tr -d ' ') (references/php.md:37)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/php.md:42)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/php.md:49)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(php -i | grep extension_dir | awk '{print $3}') (references/php.md:51)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: sudo (references/php.md:55)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/php.md:60)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/php.md:68)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/php.md:80)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/php.md:81)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/php.md:82)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Func (references/php.md:86)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: base64 (references/php.md:92)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: base64 (references/php.md:93)
  • [ATR_2026_00012] (HIGH) Pattern detected: `uniqid (references/php.md:97)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: shuffle() (references/php.md:98)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Func (references/php.md:102)
  • [ATR_2026_00012] (HIGH) Pattern detected: strcmp() | Variable-time | `hash (references/php.md:104)
  • [ATR_2026_00012] (HIGH) Pattern detected: strcasecmp() | Variable-time | `hash (references/php.md:105)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: `strnc (references/php.md:106)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: substr_compare() (references/php.md:107)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: `json_enc (references/php.md:109)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/php.md:115)
  • [ATR_2026_00012] (HIGH) Pattern detected: $user_token (references/php.md:117)
  • [ATR_2026_00012] (HIGH) Pattern detected: $stored_token (references/php.md:120)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/php.md:125)
  • [ATR_2026_00012] (HIGH) Pattern detected: $token (references/php.md:127)
  • [ATR_2026_00012] (HIGH) Pattern detected: $token (references/php.md:131)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/php.md:137)
  • [ATR_2026_00012] (HIGH) Pattern detected: $secret_char (references/php.md:139)
  • [ATR_2026_00012] (HIGH) Pattern detected: $secret_byte (references/php.md:140)
  • [ATR_2026_00012] (HIGH) Pattern detected: $secret_char (references/php.md:143)
  • [ATR_2026_00012] (HIGH) Pattern detected: $secret_byte (references/php.md:144)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/php.md:151)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(php -r "echo ini_get('extension_dir') (references/php.md:160)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/php.md:167)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/python.md:11)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/python.md:19)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/python.md:33)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/python.md:34)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/python.md:35)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/python.md:36)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/python.md:37)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/python.md:38)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/python.md:44)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/python.md:45)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/python.md:46)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/python.md:47)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/python.md:48)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/python.md:49)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Func (references/python.md:53)
  • [ATR_2026_00012] (HIGH) Pattern detected: `random.sh (references/python.md:59)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ` | Variable latenc (references/python.md:61)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ` | Variable latenc (references/python.md:62)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: eval() (references/python.md:63)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: exec() (references/python.md:64)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Func (references/python.md:68)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: base64 (references/python.md:77)
  • [ATR_2026_00012] (HIGH) Pattern detected: pickle.dumps() | Variable-length output | Avoid (references/python.md:78)
  • [ATR_2026_00398] (CRITICAL) Pattern detected: pickle.loads( (references/python.md:79)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/python.md:85)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/python.md:103)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/python.md:117)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/python.md:156)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/python.md:162)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: ruby --dump=insns (references/ruby.md:7)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/ruby.md:11)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/ruby.md:19)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/ruby.md:31)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/ruby.md:32)
  • [ATR_2026_00012] (HIGH) Pattern detected: | branchif, branchunless | Conditional branc (references/ruby.md:41)
  • [ATR_2026_00012] (HIGH) Pattern detected: | opt_lshift, opt_rshift | Bit sh (references/ruby.md:44)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Func (references/ruby.md:48)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ` | Variable latenc (references/ruby.md:53)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Func (references/ruby.md:57)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: `inc (references/ruby.md:59)
  • [ATR_2026_00012] (HIGH) Pattern detected: match() | Variable-time | Avoid (references/ruby.md:63)
  • [ATR_2026_00012] (HIGH) Pattern detected: =~ | Variable-time regex | Avoid (references/ruby.md:64)
  • [ATR_2026_00012] (HIGH) Pattern detected: Marshal.dump() | Variable-length output | Avoid (references/ruby.md:66)
  • [ATR_2026_00012] (HIGH) Pattern detected: `Marsh (references/ruby.md:67)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/ruby.md:73)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/ruby.md:100)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: base64 (references/ruby.md:109)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/ruby.md:115)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/ruby.md:135)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/ruby.md:148)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: ruby --dump=insns (references/ruby.md:166)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/swift.md:30)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: FDIV, FSQRT | Variable latenc (references/swift.md:58)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Conditional Branc (references/swift.md:59)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `ID (references/swift.md:65)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: DIVSS, DIVSD, SQRTSS, SQRTSD | Variable latenc (references/swift.md:66)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Conditional Branc (references/swift.md:67)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: /* handle error */ (references/swift.md:136)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/swift.md:155)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: privateKey (references/swift.md:159)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: privateKey (references/swift.md:160)
  • [ATR_2026_00113] (CRITICAL) Pattern detected: Keychain (references/swift.md:175)
  • [ATR_2026_00113] (CRITICAL) Pattern detected: Keychain (references/swift.md:176)
  • [ATR_2026_00235] (HIGH) Pattern detected: query: [ (references/swift.md:177)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/swift.md:233)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/swift.md:242)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/swift.md:251)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/swift.md:275)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/vm-compiled.md:39)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: idiv (references/vm-compiled.md:64)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: ddiv (references/vm-compiled.md:65)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Conditional Branc (references/vm-compiled.md:66)
  • [ATR_2026_00012] (HIGH) Pattern detected: div/rem opcodes) | Variable latenc (references/vm-compiled.md:74)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Conditional Branc (references/vm-compiled.md:75)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/vm-compiled.md:139)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/vm-compiled.md:151)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/vm-compiled.md:164)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/vm-compiled.md:175)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: `org.bounc (references/vm-compiled.md:191)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ` may have timing leaks; consider using Bounc (references/vm-compiled.md:193)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ` for best performanc (references/vm-compiled.md:197)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/vm-compiled.md:215)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/vm-compiled.md:231)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: sudo (references/vm-compiled.md:236)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/vm-compiled.md:246)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: bash (references/vm-compiled.md:247)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/vm-compiled.md:255)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/vm-compiled.md:267)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/vm-compiled.md:271)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: sudo (references/vm-compiled.md:276)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/vm-compiled.md:284)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/vm-compiled.md:285)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/vm-compiled.md:292)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: bash (references/vm-compiled.md:293)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/vm-compiled.md:299)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/vm-compiled.md:301)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/vm-compiled.md:306)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/vm-compiled.md:308)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/vm-compiled.md:315)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/vm-compiled.md:323)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: sudo (references/vm-compiled.md:328)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/vm-compiled.md:335)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: in Java andSequenc (references/vm-compiled.md:339)

Allowlisted (not blocking):

  • MANIFEST_MISSING_LICENSE (Allowed: trailofbits/skills is licensed CC-BY-SA-4.0 at the repository root; upstream does not embed a license field in per-skill SKILL.md frontmatter.)

✅ differential-review

  • Status: Passed
  • Findings: 4

✅ fp-check

  • Status: Passed
  • Findings: 5
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: trailofbits/skills is licensed CC-BY-SA-4.0 at the repository root; upstream does not embed a license field in per-skill SKILL.md frontmatter.)

✅ insecure-defaults

  • Status: Passed
  • Findings: 4
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: trailofbits/skills is licensed CC-BY-SA-4.0 at the repository root; upstream does not embed a license field in per-skill SKILL.md frontmatter.)

✅ property-based-testing

  • Status: Passed
  • Findings: 2

✅ sarif-parsing

  • Status: Passed
  • Findings: 5
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: trailofbits/skills is licensed CC-BY-SA-4.0 at the repository root; upstream does not embed a license field in per-skill SKILL.md frontmatter.)

✅ semgrep

  • Status: Passed
  • Findings: 5

✅ semgrep-rule-creator

  • Status: Passed
  • Findings: 2

✅ semgrep-rule-variant-creator

  • Status: Passed
  • Findings: 3

❌ sharp-edges

  • Status: Failed
  • Findings: 520
  • Blocking: 348

Blocking issues:

  • [ATR_2026_00161] (CRITICAL) Pattern detected: /etc/passwd (references/config-patterns.md:284)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: ; rm (references/config-patterns.md:285)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: constructor (references/config-patterns.md:289)
  • [ATR_2026_00012] (HIGH) Pattern detected: host, `hostname (references/config-patterns.md:289)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/config-patterns.md:293)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/config-patterns.md:305)
  • [ATR_2026_00004] (CRITICAL) Pattern detected: ## Configuration (references/config-patterns.md:317)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: Constructor (references/config-patterns.md:333)
  • [ATR_2026_00085] (HIGH) Pattern detected: skip signature verification (references/crypto-apis.md:15)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/crypto-apis.md:28)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/crypto-apis.md:30)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/crypto-apis.md:37)
  • [ATR_2026_00012] (HIGH) Pattern detected: mode, cipher, algorithm, `hash (references/crypto-apis.md:41)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/crypto-apis.md:45)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // Valid (references/crypto-apis.md:47)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // Valid (references/crypto-apis.md:48)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // Valid (references/crypto-apis.md:49)
  • [ATR_2026_00012] (HIGH) Pattern detected: $password (references/crypto-apis.md:52)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: Encrypt (references/crypto-apis.md:63)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: Encrypt (references/crypto-apis.md:66)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: Encrypt (references/crypto-apis.md:67)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: Encrypt (references/crypto-apis.md:73)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: Encrypt (references/crypto-apis.md:76)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/crypto-apis.md:82)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/crypto-apis.md:84)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: \x00 (references/crypto-apis.md:88)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/crypto-apis.md:89)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/crypto-apis.md:90)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/crypto-apis.md:99)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/crypto-apis.md:111)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/crypto-apis.md:128)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/crypto-apis.md:141)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/crypto-apis.md:156)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/crypto-apis.md:169)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/crypto-apis.md:170)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/crypto-apis.md:171)
  • [ATR_2026_00021] (CRITICAL) Pattern detected: password = argon2.hash(password) (references/crypto-apis.md:175)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/crypto-apis.md:187)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: \0 (references/lang-c.md:34)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: truncate (references/lang-c.md:39)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: *printf family func (references/lang-c.md:62)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // Stack pointer invalid (references/lang-c.md:130)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: \n (references/lang-c.md:144)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // NOT async (references/lang-c.md:144)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // NOT async (references/lang-c.md:145)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // NOT async (references/lang-c.md:146)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-c.md:173)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-c.md:174)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // Expands to ((a++) * (a++)) - inc (references/lang-c.md:183)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: `strnc (references/lang-c.md:205)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:5)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // NullReferenc (references/lang-csharp.md:11)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:28)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: constructor (references/lang-csharp.md:43)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:47)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:61)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:73)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // Crash (references/lang-csharp.md:76)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:96)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (references/lang-csharp.md:102)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:104)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-csharp.md:107)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-csharp.md:111)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (references/lang-csharp.md:116)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (references/lang-csharp.md:117)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:124)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:137)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:144)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:161)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:177)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:183)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:199)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:206)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:221)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: /* managed cleanup */ (references/lang-csharp.md:232)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:241)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // Subscriber now rooted by Publish (references/lang-csharp.md:249)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/lang-csharp.md:259)
  • [ATR_2026_00012] (HIGH) Pattern detected: new Connection[n] for structs | Invalid (references/lang-csharp.md:276)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: `async (references/lang-csharp.md:278)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: await before async (references/lang-csharp.md:280)
  • [ATR_2026_00203] (HIGH) Pattern detected: vulnerability pattern: (references/lang-go.md:10)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: math/bits overflow-checking func (references/lang-go.md:24)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: "admin" (references/lang-go.md:87)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: "ADMIN" (references/lang-go.md:90)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: "admin" (references/lang-go.md:91)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: "admin" (references/lang-go.md:94)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-go.md:115)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: `return &Conc (references/lang-go.md:264)
  • [ATR_2026_00012] (HIGH) Pattern detected: `json.Unmarsh (references/lang-go.md:265)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: `go func (references/lang-go.md:267)
  • [ATR_2026_00012] (HIGH) Pattern detected: _, err := instead of _, err = | Error sh (references/lang-go.md:270)
  • [ATR_2026_00012] (HIGH) Pattern detected: ObjectInputStream (references/lang-java.md:56)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: `Conc (references/lang-java.md:170)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: constructor (references/lang-java.md:209)
  • [ATR_2026_00161] (CRITICAL) Pattern detected: /etc/passwd (references/lang-java.md:232)
  • [ATR_2026_00002] (HIGH) Pattern detected: [] (references/lang-java.md:232)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: == with objects | Referenc (references/lang-java.md:252)
  • [ATR_2026_00012] (HIGH) Pattern detected: ObjectInputStream (references/lang-java.md:254)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: catch (references/lang-java.md:255)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: catch (Exception e) (references/lang-java.md:256)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: String += in loop | Performanc (references/lang-java.md:257)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ` sh (references/lang-java.md:260)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: `DocumentBuilderFactory.newInstanc (references/lang-java.md:263)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: "admin" (references/lang-javascript.md:15)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: "admin" (references/lang-javascript.md:18)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: proto (references/lang-javascript.md:30)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: proto (references/lang-javascript.md:34)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: {"proto (references/lang-javascript.md:34)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: constructor (references/lang-javascript.md:42)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: constructor (references/lang-javascript.md:43)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: proto (references/lang-javascript.md:49)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: ['proto (references/lang-javascript.md:49)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // NaN - radix 1 invalid (references/lang-javascript.md:86)
  • [ATR_2026_00140] (HIGH) Pattern detected: reverse (references/lang-javascript.md:127)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-javascript.md:158)
  • [ATR_2026_00110] (CRITICAL) Pattern detected: eval( (references/lang-javascript.md:159)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: constructor (references/lang-javascript.md:161)
  • [ATR_2026_00110] (CRITICAL) Pattern detected: new Function( (references/lang-javascript.md:162)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (references/lang-javascript.md:165)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${process.exit()} (references/lang-javascript.md:168)
  • [ATR_2026_00110] (CRITICAL) Pattern detected: eval( (references/lang-javascript.md:169)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: proto (references/lang-javascript.md:177)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: constructor (references/lang-javascript.md:177)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // Unhandled rejection - may crash (references/lang-javascript.md:195)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: proto (references/lang-javascript.md:220)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: proto (references/lang-javascript.md:221)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: {"proto (references/lang-javascript.md:221)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: proto (references/lang-javascript.md:222)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: proto (references/lang-javascript.md:226)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // Crash (references/lang-javascript.md:247)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: proto (references/lang-javascript.md:262)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: constructor (references/lang-javascript.md:262)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ` without radix | Parsing inconsistenc (references/lang-javascript.md:264)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: eval( (references/lang-javascript.md:265)
  • [ATR_2026_00012] (HIGH) Pattern detected: ! non-null assertion | Null pointer crash (references/lang-javascript.md:268)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: await before async (references/lang-javascript.md:269)
  • [ATR_2026_00085] (HIGH) Pattern detected: bypass null safety (references/lang-kotlin.md:11)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: admin = (references/lang-kotlin.md:80)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: constructor (references/lang-kotlin.md:83)
  • [ATR_2026_00112] (HIGH) Pattern detected: require(name.isNotBlank() (references/lang-kotlin.md:86)
  • [ATR_2026_00050] (HIGH) Pattern detected: while (true) (references/lang-kotlin.md:114)
  • [ATR_2026_00050] (HIGH) Pattern detected: while (true) (references/lang-kotlin.md:136)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-kotlin.md:235)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: suspend fun (references/lang-kotlin.md:260)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: catch (e: Exception) (references/lang-kotlin.md:261)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: terminal (references/lang-kotlin.md:264)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Extension func (references/lang-kotlin.md:265)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:5)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:23)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:30)
  • [ATR_2026_00012] (HIGH) Pattern detected: $stored_password (references/lang-php.md:32)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:44)
  • [ATR_2026_00012] (HIGH) Pattern detected: $stored_password (references/lang-php.md:46)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:53)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: $$name (references/lang-php.md:56)
  • [ATR_2026_00012] (HIGH) Pattern detected: Admin=true (references/lang-php.md:61)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:72)
  • [ATR_2026_00012] (HIGH) Pattern detected: unserialize( (references/lang-php.md:74)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-php.md:79)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:88)
  • [ATR_2026_00012] (HIGH) Pattern detected: unserialize( (references/lang-php.md:89)
  • [ATR_2026_00012] (HIGH) Pattern detected: unserialize( (references/lang-php.md:90)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:95)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-php.md:96)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (references/lang-php.md:99)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:110)
  • [ATR_2026_00161] (CRITICAL) Pattern detected: /etc/passwd (references/lang-php.md:114)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: null byte (references/lang-php.md:115)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: base64 (references/lang-php.md:117)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: shell (references/lang-php.md:122)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:129)
  • [ATR_2026_00065] (HIGH) Pattern detected: grantAccess (references/lang-php.md:142)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:148)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Shell (references/lang-php.md:162)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:164)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: shell (references/lang-php.md:165)
  • [ATR_2026_00095] (CRITICAL) Pattern detected: exec( (references/lang-php.md:167)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: ; rm (references/lang-php.md:170)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: shell (references/lang-php.md:173)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:174)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: shell (references/lang-php.md:175)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: shell (references/lang-php.md:178)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:182)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:199)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:214)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/lang-php.md:226)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: $$var (references/lang-php.md:238)
  • [ATR_2026_00012] (HIGH) Pattern detected: unserialize( (references/lang-php.md:239)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-php.md:240)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: `inc (references/lang-php.md:241)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-php.md:242)
  • [ATR_2026_00012] (HIGH) Pattern detected: "0e\d+" == "0e\d+" | Magic hash (references/lang-php.md:243)
  • [ATR_2026_00012] (HIGH) Pattern detected: `session_id (references/lang-php.md:244)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:5)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:24)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (references/lang-python.md:32)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:34)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-python.md:35)
  • [MDBLOCK_PYTHON_EVAL_EXEC] (HIGH) Code block in references/lang-python.md at line 35 contains potentially dangerous Python code. (references/lang-python.md:35)
  • [ATR_2026_00110] (CRITICAL) Pattern detected: eval( (references/lang-python.md:36)
  • [ATR_2026_00095] (CRITICAL) Pattern detected: exec( (references/lang-python.md:37)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-python.md:39)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-python.md:40)
  • [ATR_2026_00095] (CRITICAL) Pattern detected: exec( (references/lang-python.md:41)
  • [ATR_2026_00110] (CRITICAL) Pattern detected: eval( (references/lang-python.md:44)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: import (references/lang-python.md:48)
  • [ATR_2026_00112] (HIGH) Pattern detected: importlib.import_module( (references/lang-python.md:49)
  • [ATR_2026_00398] (CRITICAL) Pattern detected: pickle.loads( (references/lang-python.md:53)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-python.md:54)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: subprocess.Popen(shell=True) (references/lang-python.md:55)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:59)
  • [PG_PII_SSN_HARVESTING] (CRITICAL) Pattern detected: Capture by value usin (references/lang-python.md:72)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:73)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:83)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:111)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:127)
  • [ATR_2026_00085] (HIGH) Pattern detected: pass # Security check (references/lang-python.md:144)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:156)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:177)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: 'admin' (references/lang-python.md:184)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: 'admin' (references/lang-python.md:185)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: init (references/lang-python.md:188)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:189)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: init (references/lang-python.md:191)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:197)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: class (references/lang-python.md:199)
  • [MDBLOCK_PYTHON_EVAL_EXEC] (HIGH) Code block in references/lang-python.md at line 202 contains potentially dangerous Python code. (references/lang-python.md:202)
  • [ATR_2026_00110] (CRITICAL) Pattern detected: eval( (references/lang-python.md:203)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:213)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:229)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Subprocess (references/lang-python.md:238)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:240)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: shell (references/lang-python.md:241)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: subprocess (references/lang-python.md:242)
  • [ATR_2026_00095] (CRITICAL) Pattern detected: subprocess.run (references/lang-python.md:243)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: ; rm (references/lang-python.md:244)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: shell (references/lang-python.md:246)
  • [ATR_2026_00095] (CRITICAL) Pattern detected: subprocess.run (references/lang-python.md:247)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/lang-python.md:252)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: eval( (references/lang-python.md:266)
  • [ATR_2026_00398] (CRITICAL) Pattern detected: pickle.loads( (references/lang-python.md:267)
  • [ATR_2026_00012] (HIGH) Pattern detected: import x where x.py exists locally | Import sh (references/lang-python.md:270)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: subprocess.*(..., shell=True) (references/lang-python.md:274)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (references/lang-ruby.md:3)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:5)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-ruby.md:6)
  • [ATR_2026_00110] (CRITICAL) Pattern detected: eval( (references/lang-ruby.md:7)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: #{user_input} (references/lang-ruby.md:18)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-ruby.md:22)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:26)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:34)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:53)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:60)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: "superuser" (references/lang-ruby.md:63)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:70)
  • [ATR_2026_00112] (HIGH) Pattern detected: require(:user) (references/lang-ruby.md:72)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:80)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: #{params[:name]} (references/lang-ruby.md:82)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: #{params[:name]} (references/lang-ruby.md:87)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ; DROP (references/lang-ruby.md:90)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:94)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:102)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `ls (references/lang-ruby.md:104)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: #{params[:dir]} (references/lang-ruby.md:105)
  • [ATR_2026_00095] (CRITICAL) Pattern detected: exec( (references/lang-ruby.md:106)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: #{params[:dir]} (references/lang-ruby.md:107)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: ; rm (references/lang-ruby.md:109)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:113)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:120)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: \n (references/lang-ruby.md:129)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:133)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: "admin" (references/lang-ruby.md:134)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:140)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:152)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:167)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:179)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:188)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: whoami (references/lang-ruby.md:193)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (references/lang-ruby.md:194)
  • [ATR_2026_00110] (CRITICAL) Pattern detected: eval( (references/lang-ruby.md:198)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:203)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: #{params[:filename]} (references/lang-ruby.md:205)
  • [ATR_2026_00161] (CRITICAL) Pattern detected: /etc/passwd (references/lang-ruby.md:206)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: #{params[:cmd]} (references/lang-ruby.md:209)
  • [ATR_2026_00012] (HIGH) Pattern detected: |whoami") # Returns output of whoami (references/lang-ruby.md:212)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:216)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: upload (references/lang-ruby.md:217)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: upload (references/lang-ruby.md:218)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:223)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:240)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/lang-ruby.md:253)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: eval( (references/lang-ruby.md:262)
  • [ATR_2026_00012] (HIGH) Pattern detected: `...#{`, `system (references/lang-ruby.md:268)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/lang-ruby.md:272)
  • [ATR_2026_00012] (HIGH) Pattern detected: unsafe block sh (references/lang-rust.md:56)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // Vec's memory leaked, but ptr still valid (references/lang-rust.md:79)
  • [ATR_2026_00001] (HIGH) Pattern detected: Drop Order (references/lang-rust.md:218)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: `unsafe impl Send/Sync (references/lang-rust.md:269)
  • [ATR_2026_00276] (HIGH) Pattern detected: ‍ (references/lang-swift.md:96)
  • [ATR_2026_00012] (HIGH) Pattern detected: ! force unwrap | Crash (references/lang-swift.md:278)
  • [ATR_2026_00012] (HIGH) Pattern detected: as! force cast | Crash (references/lang-swift.md:279)
  • [ATR_2026_00012] (HIGH) Pattern detected: try! | Crash (references/lang-swift.md:280)
  • [ATR_2026_00012] (HIGH) Pattern detected: String! IUO types | Deferred crash (references/lang-swift.md:282)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: \0 (references/language-specific.md:36)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: "admin" (references/language-specific.md:117)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: "ADMIN" (references/language-specific.md:120)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: "admin" (references/language-specific.md:121)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: "admin" (references/language-specific.md:124)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/language-specific.md:132)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/language-specific.md:261)
  • [ATR_2026_00012] (HIGH) Pattern detected: ObjectInputStream (references/language-specific.md:262)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (references/language-specific.md:263)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/language-specific.md:266)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/language-specific.md:318)
  • [ATR_2026_00012] (HIGH) Pattern detected: ; // NullReferenc (references/language-specific.md:325)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/language-specific.md:330)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```csh (references/language-specific.md:343)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/language-specific.md:361)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/language-specific.md:379)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: $$name (references/language-specific.md:382)
  • [ATR_2026_00012] (HIGH) Pattern detected: Admin=true (references/language-specific.md:386)
  • [ATR_2026_00012] (HIGH) Pattern detected: ```php (references/language-specific.md:391)
  • [ATR_2026_00012] (HIGH) Pattern detected: unserialize( (references/language-specific.md:393)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: proto (references/language-specific.md:422)
  • [ATR_2026_00062] (CRITICAL) Pattern detected: proto (references/language-specific.md:426)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: {"proto (references/language-specific.md:426)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/language-specific.md:463)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/language-specific.md:482)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/language-specific.md:483)
  • [MDBLOCK_PYTHON_EVAL_EXEC] (HIGH) Code block in references/language-specific.md at line 483 contains potentially dangerous Python code. (references/language-specific.md:483)
  • [ATR_2026_00110] (CRITICAL) Pattern detected: eval( (references/language-specific.md:484)
  • [ATR_2026_00095] (CRITICAL) Pattern detected: exec( (references/language-specific.md:485)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/language-specific.md:486)
  • [ATR_2026_00110] (CRITICAL) Pattern detected: eval( (references/language-specific.md:489)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/language-specific.md:494)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `python (references/language-specific.md:512)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (references/language-specific.md:536)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/language-specific.md:538)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/language-specific.md:539)
  • [ATR_2026_00110] (CRITICAL) Pattern detected: eval( (references/language-specific.md:540)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/language-specific.md:551)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ```ruby (references/language-specific.md:564)
  • [ATR_2026_00112] (HIGH) Pattern detected: require(:user) (references/language-specific.md:569)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Rust | Debug/release overflow differenc (references/language-specific.md:580)
  • [ATR_2026_00012] (HIGH) Pattern detected: unserialize( (references/language-specific.md:585)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/language-specific.md:587)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Ruby | eval (references/language-specific.md:588)

Allowlisted (not blocking):

  • MANIFEST_MISSING_LICENSE (Allowed: trailofbits/skills is licensed CC-BY-SA-4.0 at the repository root; upstream does not embed a license field in per-skill SKILL.md frontmatter.)

❌ supply-chain-risk-auditor

  • Status: Failed
  • Findings: 6
  • Blocking: 2

Blocking issues:

  • [ATR_2026_00051] (HIGH) Pattern detected: For each (SKILL.md:47)
  • [ATR_2026_00051] (HIGH) Pattern detected: For each (SKILL.md:52)

Allowlisted (not blocking):

  • MANIFEST_MISSING_LICENSE (Allowed: trailofbits/skills is licensed CC-BY-SA-4.0 at the repository root; upstream does not embed a license field in per-skill SKILL.md frontmatter.)

✅ variant-analysis

  • Status: Passed
  • Findings: 2
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: trailofbits/skills is licensed CC-BY-SA-4.0 at the repository root; upstream does not embed a license field in per-skill SKILL.md frontmatter.)

❌ yara-rule-authoring

  • Status: Failed
  • Findings: 463
  • Blocking: 213

Blocking issues:

  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (SKILL.md:13)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (SKILL.md:26)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Common Obj-C methods | Keylogger strings, persistenc (SKILL.md:54)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: require, fetch, axios | Obfuscator signatures, eval (SKILL.md:55)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: exfil (SKILL.md:56)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (SKILL.md:57)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: vscode.workspace | Unc (SKILL.md:58)
  • [ATR_2026_00012] (HIGH) Pattern detected: `ssh (SKILL.md:78)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ~/Library/LaunchAgents, `/Library/Launc (SKILL.md:79)
  • [ATR_2026_00113] (CRITICAL) Pattern detected: security find-generic-password (SKILL.md:80)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: exfil (SKILL.md:108)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: webhook (SKILL.md:125)
  • [ATR_2026_00161] (CRITICAL) Pattern detected: .env (SKILL.md:130)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (SKILL.md:140)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Unique in one sample ≠ unique across malware ecosystem (SKILL.md:155)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (SKILL.md:158)
  • [ATR_2026_00001] (HIGH) Pattern detected: become detection (SKILL.md:159)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: exfil (SKILL.md:162)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Unbounded regex = performanc (SKILL.md:164)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (SKILL.md:181)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: exfil (SKILL.md:203)
  • [ATR_2026_00032] (HIGH) Pattern detected: Pivot to (SKILL.md:209)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: XOR (SKILL.md:257)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: xor (SKILL.md:258)
  • [ATR_2026_00032] (HIGH) Pattern detected: Pivot to (SKILL.md:279)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: nocase or wide speculatively** — only when you have confirmed evidence the case/enc (SKILL.md:308)
  • [ATR_2026_00012] (HIGH) Pattern detected: `/msh (SKILL.md:314)
  • [ATR_2026_00088] (HIGH) Pattern detected: suppress warning (SKILL.md:321)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (SKILL.md:356)
  • [ATR_2026_00012] (HIGH) Pattern detected: `permhash (SKILL.md:380)
  • [ATR_2026_00012] (HIGH) Pattern detected: crx.is_crx, crx.permissions, `crx.permhash (SKILL.md:382)
  • [ATR_2026_00012] (HIGH) Pattern detected: dex module enables detection of Android (SKILL.md:400)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (SKILL.md:404)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (SKILL.md:423)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: \R (SKILL.md:433)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Invalid (SKILL.md:433)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: Base64 (SKILL.md:434)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: SHELL (SKILL.md:448)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: author, `referenc (SKILL.md:458)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (SKILL.md:471)
  • [PG_PII_SSN_HARVESTING] (CRITICAL) Pattern detected: Gather samples** — Multiple samples; sin (SKILL.md:487)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Deploy (SKILL.md:493)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (SKILL.md:497)
  • [ATR_2026_00012] (HIGH) Pattern detected: filesize first, avoid (SKILL.md:511)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Performance and atom optimization | [performanc (SKILL.md:522)
  • [ATR_2026_00012] (HIGH) Pattern detected: | String types and judgment | [strings.md](referenc (SKILL.md:523)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Testing and validation | [testing.md](referenc (SKILL.md:524)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Android DEX module (dex) | [dex-module.md](referenc (SKILL.md:526)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (SKILL.md:548)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ../../ (SKILL.md:553)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (SKILL.md:557)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: Base64 (SKILL.md:564)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: { and valid escape sequenc (SKILL.md:565)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Referenc (SKILL.md:611)
  • [ATR_2026_00012] (HIGH) Pattern detected: crx.is_crx | bool | Returns true if file is a valid (references/crx-module.md:19)
  • [ATR_2026_00012] (HIGH) Pattern detected: `crx.id (references/crx-module.md:27)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/crx-module.md:78)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: exfil (references/crx-module.md:90)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/crx-module.md:179)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Exec (references/dex-module.md:3)
  • [ATR_2026_00012] (HIGH) Pattern detected: dex.is_dex | bool | Returns true if file is valid (references/dex-module.md:21)
  • [ATR_2026_00012] (HIGH) Pattern detected: dex.header.signature | string | SHA-1 hash (references/dex-module.md:34)
  • [ATR_2026_00012] (HIGH) Pattern detected: `proto.sh (references/dex-module.md:62)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: superclass (references/dex-module.md:75)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Func (references/dex-module.md:82)
  • [ATR_2026_00012] (HIGH) Pattern detected: `dex.contains_class("Ldalvik/system (references/dex-module.md:86)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Func (references/dex-module.md:90)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: Encrypt (references/dex-module.md:149)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: encrypt (references/dex-module.md:151)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: XOR (references/dex-module.md:168)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: exfil (references/dex-module.md:230)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: exfil (references/dex-module.md:346)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ` func (references/dex-module.md:358)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ` sh (references/dex-module.md:371)
  • [ATR_2026_00051] (HIGH) Pattern detected: For each (references/performance.md:13)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: Null byte (references/performance.md:54)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: \n (references/performance.md:129)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Pattern | Performanc (references/performance.md:206)
  • [ATR_2026_00012] (HIGH) Pattern detected: [^x]* | Slow | Avoid (references/performance.md:210)
  • [ATR_2026_00012] (HIGH) Pattern detected: `pe.imphash (references/performance.md:231)
  • [ATR_2026_00012] (HIGH) Pattern detected: `hash (references/performance.md:232)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/performance.md:260)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/performance.md:261)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/performance.md:272)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/performance.md:283)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (references/performance.md:325)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: Base64 (references/strings.md:5)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/strings.md:16)
  • [ATR_2026_00096] (CRITICAL) Pattern detected: beacon (references/strings.md:31)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (references/strings.md:71)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Modifier | Performanc (references/strings.md:83)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: ascii | None | Default, always inc (references/strings.md:85)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: xor (references/strings.md:89)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: base64 (references/strings.md:90)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: xor (references/strings.md:95)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: xor (references/strings.md:96)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: base64 (references/strings.md:97)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/strings.md:119)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/strings.md:133)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: powershell (references/strings.md:134)
  • [ATR_2026_00096] (CRITICAL) Pattern detected: Beacon (references/strings.md:149)
  • [ATR_2026_00161] (CRITICAL) Pattern detected: .env (references/strings.md:167)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: base64 (references/strings.md:176)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/strings.md:178)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: base64 (references/strings.md:179)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: exfil (references/strings.md:180)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: exfil (references/strings.md:183)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/strings.md:191)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/strings.md:192)
  • [ATR_2026_00096] (CRITICAL) Pattern detected: beacon (references/strings.md:246)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/strings.md:269)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: btoa (references/strings.md:297)
  • [ATR_2026_00064] (HIGH) Pattern detected: at 0 (references/strings.md:309)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: constructor (references/strings.md:315)
  • [ATR_2026_00064] (HIGH) Pattern detected: at 0 (references/strings.md:318)
  • [ATR_2026_00012] (HIGH) Pattern detected: filesize < 1MB constraint plus thresh (references/strings.md:322)
  • [ATR_2026_00202] (HIGH) Pattern detected: \x48\x65\x6c\x6c\x6f (references/strings.md:335)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: Exfil (references/strings.md:384)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: webhook (references/strings.md:389)
  • [ATR_2026_00161] (CRITICAL) Pattern detected: id_rsa (references/strings.md:408)
  • [ATR_2026_00012] (HIGH) Pattern detected: |readFileSync (references/strings.md:409)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: webhook (references/strings.md:410)
  • [ATR_2026_00161] (CRITICAL) Pattern detected: id_rsa (references/strings.md:425)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: .aws/credentials (references/strings.md:426)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: .env (references/strings.md:427)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: SHELL (references/style-guide.md:13)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Target OS/environment | Win, Lnx, Mac, Android (references/style-guide.md:14)
  • [ATR_2026_00096] (CRITICAL) Pattern detected: CobaltStrike (references/style-guide.md:15)
  • [ATR_2026_00096] (CRITICAL) Pattern detected: Beacon (references/style-guide.md:16)
  • [ATR_2026_00096] (CRITICAL) Pattern detected: Cobalt Strike (references/style-guide.md:24)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: SHELL (references/style-guide.md:25)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: shell (references/style-guide.md:26)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: SUSP_ | Suspicious | Lower confidenc (references/style-guide.md:28)
  • [ATR_2026_00096] (CRITICAL) Pattern detected: Command and control (references/style-guide.md:45)
  • [ATR_2026_00012] (HIGH) Pattern detected: Android_ | Android (references/style-guide.md:54)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: PowerShell (references/style-guide.md:59)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: SHELL (references/style-guide.md:70)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: XOR (references/style-guide.md:105)
  • [ATR_2026_00096] (CRITICAL) Pattern detected: CobaltStrike (references/style-guide.md:106)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: base64 (references/style-guide.md:107)
  • [ATR_2026_00012] (HIGH) Pattern detected: | 0-25 | Low confidenc (references/style-guide.md:144)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Add description, author, date, referenc (references/style-guide.md:168)
  • [ATR_2026_00012] (HIGH) Pattern detected: | E002 | Error | Invalid (references/style-guide.md:169)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/style-guide.md:194)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: Base64 (references/style-guide.md:196)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: and instead of implicit conjunc (references/style-guide.md:201)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Deploy (references/testing.md:47)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:55)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Popular npm packages (lodash (references/testing.md:80)
  • [ATR_2026_00012] (HIGH) Pattern detected: | JavaScript | lodash (references/testing.md:95)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: Upload (references/testing.md:119)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (references/testing.md:128)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:135)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (references/testing.md:145)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:147)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: exec (references/testing.md:172)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:179)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:197)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:204)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:212)
  • [PG_PII_SSN_HARVESTING] (CRITICAL) Pattern detected: Store usin (references/testing.md:214)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:218)
  • [ATR_2026_00004] (CRITICAL) Pattern detected: # System (references/testing.md:220)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: compress (references/testing.md:227)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:231)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:241)
  • [ATR_2026_00012] (HIGH) Pattern detected: | PE files | Chrome.exe, Firefox.exe, python (references/testing.md:255)
  • [ATR_2026_00012] (HIGH) Pattern detected: | npm packages | lodash (references/testing.md:256)
  • [ATR_2026_00012] (HIGH) Pattern detected: | macOS | /Applications/* from fresh (references/testing.md:258)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Android (references/testing.md:259)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:265)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:290)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: cmd (references/testing.md:299)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: npm search --searchlimit=1000 | Avoid FPs on popular dependenc (references/testing.md:347)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Known malicious packages | [npm-sh (references/testing.md:349)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (references/testing.md:356)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Incident | Key Indicators | Referenc (references/testing.md:373)
  • [ATR_2026_00012] (HIGH) Pattern detected: | os-info-checker-es6 | Variation selectors, eval (references/testing.md:376)
  • [ATR_2026_00012] (HIGH) Pattern detected: | event-stream | Flatmap dependenc (references/testing.md:377)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (workflows/rule-development.md:3)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Deploy (workflows/rule-development.md:29)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Sample Count | Confidenc (workflows/rule-development.md:39)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:58)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:78)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ` sh (workflows/rule-development.md:92)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:105)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: \R (workflows/rule-development.md:124)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:131)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:150)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: \n (workflows/rule-development.md:163)
  • [ATR_2026_00096] (CRITICAL) Pattern detected: beacon (workflows/rule-development.md:171)
  • [ATR_2026_00091] (CRITICAL) Pattern detected: \R (workflows/rule-development.md:197)
  • [ATR_2026_00096] (CRITICAL) Pattern detected: beacon (workflows/rule-development.md:203)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: author inc (workflows/rule-development.md:228)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: `referenc (workflows/rule-development.md:229)
  • [ATR_2026_00012] (HIGH) Pattern detected: `hash (workflows/rule-development.md:231)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: score reflects confidenc (workflows/rule-development.md:232)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:268)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:282)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:292)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:301)
  • [ATR_2026_00012] (HIGH) Pattern detected: | JavaScript | lodash (workflows/rule-development.md:325)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Android (workflows/rule-development.md:328)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:332)
  • [ATR_2026_00063] (CRITICAL) Pattern detected: Upload (workflows/rule-development.md:342)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (workflows/rule-development.md:351)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:358)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Deploy (workflows/rule-development.md:371)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:387)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: deploy (workflows/rule-development.md:402)
  • [ATR_2026_00012] (HIGH) Pattern detected: | Performanc (workflows/rule-development.md:443)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: `bash (workflows/rule-development.md:464)
  • [ATR_2026_00040] (CRITICAL) Pattern detected: Deploy (workflows/rule-development.md:490)

Allowlisted (not blocking):

  • MANIFEST_MISSING_LICENSE (Allowed: trailofbits/skills is licensed CC-BY-SA-4.0 at the repository root; upstream does not embed a license field in per-skill SKILL.md frontmatter.)

❌ zeroize-audit

  • Status: Failed
  • Findings: 8
  • Blocking: 2

Blocking issues:

  • [BEHAVIOR_EVAL_SUBPROCESS] (CRITICAL) Dangerous combination of code execution and system commands in /tmp/skill-scan-zeroize-audit/repo/plugins/zeroize-audit/skills/zeroize-audit/tools/generate_poc.py (/tmp/skill-scan-zeroize-audit/repo/plugins/zeroize-audit/skills/zeroize-audit/tools/generate_poc.py)
  • [BEHAVIOR_EVAL_SUBPROCESS] (CRITICAL) Dangerous combination of code execution and system commands in /tmp/skill-scan-zeroize-audit/repo/plugins/zeroize-audit/skills/zeroize-audit/tools/scripts/check_rust_asm.py (/tmp/skill-scan-zeroize-audit/repo/plugins/zeroize-audit/skills/zeroize-audit/tools/scripts/check_rust_asm.py)

Allowlisted (not blocking):

  • PATH_TRAVERSAL_OPEN (Allowed: tools/generate_poc.py writes generated PoC sources to an operator-supplied output directory with filenames derived from internal finding metadata; no externally controlled path input.)
  • DATA_EXFIL_SENSITIVE_FILES (Allowed: tools/scripts/check_rust_asm.py reads a JSON config of Rust symbol names to audit; 'secrets_path' is the skill's internal config file path, not exfiltration of user secrets.)

Summary: Scanned 16 skill(s), found 926 blocking issue(s).

⚠️ Action Required: Review the blocking findings. Add a justified entry to the skill's security.allowed_issues[] in its spec.yaml if the finding is a false positive.

@renovate renovate Bot force-pushed the renovate/trailofbits-skills-digest branch from b88b7f3 to aa1f295 Compare July 3, 2026 10:18
…onstant-time-analysis,differential-review,fp-check,insecure-defaults,property-based-testing,sarif-parsing,semgrep,semgrep-rule-creator,semgrep-rule-variant-creator,sharp-edges,supply-chain-risk-auditor,variant-analysis,yara-rule-authoring,zeroize-audit
@renovate

renovate Bot commented Jul 3, 2026

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.
