Back to skill
Skillv2.1.1
Static analysis security
Senior Fullstack · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
ReviewApr 30, 2026, 4:57 AM
- Summary
- Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal, suspicious.generated_source_template_injection
- Reason codes
- suspicious.env_credential_accesssuspicious.exposed_secret_literalsuspicious.generated_source_template_injection
- Engine
- v2.4.5
Evidence
criticalscripts/project_scaffolder.py:352
Environment variable access combined with network send.
suspicious.env_credential_access
criticalreferences/architecture_patterns.md:495
Documentation appears to expose a hardcoded API secret or token.
suspicious.exposed_secret_literal
criticalreferences/development_workflows.md:110
User-controlled placeholder is embedded directly into generated source code.
suspicious.generated_source_template_injection