finding_id,title,current_status,current_paths,validation_reason,evidence
1,Unsanitized frontmatter name enables path traversal in sync script,obsolete/not reproducible on current HEAD,tools/scripts/sync_microsoft_skills.py,sync_microsoft_skills.py now sanitizes flat names and constrains delete/copy targets to safe in-repo paths.,tools/scripts/tests/test_sync_microsoft_skills_security.py
2,Stored XSS via rehype-raw rendering of skill markdown,obsolete/not reproducible on current HEAD,apps/web-app/src/pages/SkillDetail.tsx,SkillDetail still renders markdown without rehype-raw; the reported stored-XSS path does not reproduce.,apps/web-app/src/pages/SkillDetail.tsx
3,Symlink-following copy leaks host files in setup_web,obsolete/not reproducible on current HEAD,tools/scripts/setup_web.js,setup_web.js now uses lstatSync plus resolveSafeRealPath() and skips out-of-root symlinks.,tools/scripts/tests/copy_security.test.js
4,Insecure install guidance allows remote script execution,obsolete/not reproducible on current HEAD,skills/apify-actorization/SKILL.md,The Apify skill no longer recommends pipe-to-shell installs or token-on-command-line login.,skills/apify-actorization/SKILL.md
5,"setup_web.js now follows symlinks, enabling file exfiltration",duplicate of another finding,tools/scripts/setup_web.js,Same root cause/fix area as finding 3.,tools/scripts/setup_web.js
6,Symlink traversal in web asset setup copies arbitrary files,duplicate of another finding,tools/scripts/setup_web.js,Same root cause/fix area as finding 3.,tools/scripts/setup_web.js
7,Symlink file copying in .github/skills sync leaks host files,obsolete/not reproducible on current HEAD,tools/scripts/sync_microsoft_skills.py,Microsoft sync now rejects unsafe symlink targets and only accepts safe regular files that stay within the cloned source root.,tools/scripts/tests/test_sync_microsoft_skills_security.py
8,Symlinked file copy in Microsoft skill sync can leak host data,duplicate of another finding,tools/scripts/sync_microsoft_skills.py,Same root cause/fix area as finding 7.,tools/scripts/sync_microsoft_skills.py
9,Committed Python bytecode can hide malicious logic,obsolete/not reproducible on current HEAD,skills/ui-ux-pro-max/scripts/__pycache__,Tracked __pycache__ artifacts are absent on current main and repo hygiene tests fail if they reappear.,tools/scripts/tests/repo_hygiene_security.test.js
10,Symlinked SKILL.md can leak host files via index script,obsolete/not reproducible on current HEAD,tools/scripts/generate_index.py,generate_index.py now ignores symlinked SKILL.md files during index generation.,tools/scripts/tests/test_frontmatter_parsing_security.py
11,"Example loader trusts manifest paths, enabling file read",obsolete/not reproducible on current HEAD,docs/integrations/jetski-gemini-loader/loader.mjs,The Jetski loader rejects symlinked skill directories/files and any resolved SKILL.md outside the configured skills root.,tools/scripts/tests/jetski_gemini_loader.test.cjs
12,TLS certificate verification disabled in new scrapers,obsolete/not reproducible on current HEAD,skills/junta-leiloeiros/scripts/scraper/base_scraper.py | skills/junta-leiloeiros/scripts/web_scraper_fallback.py,TLS verification is enabled by default again; insecure behavior requires an explicit opt-out environment flag.,skills/junta-leiloeiros/scripts/scraper/base_scraper.py
13,Complete bundle omits valid skill categories,obsolete/not reproducible on current HEAD,tools/lib/skill-filter.js | tools/scripts/build-catalog.js | data/bundles.json,The old helper-path omission still does not drive shipped bundle output; current bundles come from build-catalog.js.,tools/scripts/build-catalog.js
14,Malformed frontmatter delimiter breaks YAML parsing for skills,obsolete/not reproducible on current HEAD,skills/alpha-vantage/SKILL.md,The malformed --- Unknown frontmatter regression is no longer present in alpha-vantage.,tools/scripts/tests/repo_hygiene_security.test.js
15,ws_listener writes sensitive events to predictable /tmp files,obsolete/not reproducible on current HEAD,skills/videodb/scripts/ws_listener.py,ws_listener.py now defaults to a user-owned state directory and uses secure file creation.,tools/scripts/tests/local_temp_safety.test.js
16,Symlink traversal lets /skills/ serve arbitrary local files,obsolete/not reproducible on current HEAD,apps/web-app/refresh-skills-plugin.js,refresh-skills-plugin.js resolves real paths under the skills root before serving /skills/*; the public Pages app no longer exposes the maintainer sync surface.,apps/web-app/refresh-skills-plugin.js
17,Sync Skills endpoint follows symlinks from downloaded archive,duplicate of another finding,apps/web-app/refresh-skills-plugin.js,Same root cause/fix area as finding 16.,apps/web-app/refresh-skills-plugin.js
18,Validation crash if YAML frontmatter is not a mapping,obsolete/not reproducible on current HEAD,tools/scripts/validate_skills.py,validate_skills.py now rejects non-mapping YAML frontmatter cleanly instead of crashing downstream validation.,tools/scripts/tests/test_frontmatter_parsing_security.py
19,Anonymous Supabase writes allow skill star tampering,obsolete/not reproducible on current HEAD,apps/web-app/src/hooks/useSkillStars.ts | apps/web-app/src/lib/supabase.ts,useSkillStars now stores saves locally in the browser and no longer performs shared frontend writes through the public Supabase client.,apps/web-app/src/hooks/useSkillStars.ts
20,Metadata fixer overwrites symlinked SKILL.md targets,obsolete/not reproducible on current HEAD,tools/scripts/fix_skills_metadata.py,fix_skills_metadata.py now skips symlinked SKILL.md files and non-mapping frontmatter.,tools/scripts/fix_skills_metadata.py
21,Installer now dereferences symlinks during copy,obsolete/not reproducible on current HEAD,tools/bin/install.js,install.js now uses lstatSync plus resolveSafeRealPath() and skips symlinks that resolve outside the cloned repo root.,tools/scripts/tests/copy_security.test.js
22,Installer merge path dereferences symlinks when copying,duplicate of another finding,tools/bin/install.js,Same root cause/fix area as finding 21.,tools/bin/install.js
23,Cleanup sync deletes arbitrary paths via flat_name,duplicate of another finding,tools/scripts/sync_microsoft_skills.py,Same root cause/fix area as finding 1.,tools/scripts/sync_microsoft_skills.py
24,Audio transcription example allows Python code injection,obsolete/not reproducible on current HEAD,skills/audio-transcriber/examples/basic-transcription.sh,The audio transcription example now uses a quoted heredoc and passes values via environment variables.,skills/audio-transcriber/examples/basic-transcription.sh
25,Unbounded recursive skill traversal can crash catalog build,obsolete/not reproducible on current HEAD,tools/lib/skill-utils.js | tools/scripts/build-catalog.js,The claimed recursive symlink traversal in catalog discovery still does not reproduce on current code paths.,tools/lib/skill-utils.js
26,Release scripts still use root skills_index.json path,obsolete/not reproducible on current HEAD,tools/scripts/update_readme.py | tools/scripts/generate_index.py | tools/scripts/release_workflow.js,"Root skills_index.json remains the canonical generated index, so the reported release-script path mismatch does not reproduce.",tools/scripts/release_workflow.js
27,Symlink traversal in skill normalization allows file overwrite,obsolete/not reproducible on current HEAD,tools/lib/skill-utils.js | tools/scripts/normalize-frontmatter.js,"skill-utils.js now relies on lstatSync-based safe directory/file discovery, so normalization does not treat symlinked skill folders as writable local skills.",tools/lib/skill-utils.js
28,last30days skill passes user input directly to Bash command,obsolete/not reproducible on current HEAD,skills/last30days/SKILL.md,"The last30days skill still passes user input as a quoted value through a temp file, so the reported direct shell-injection sink does not reproduce.",skills/last30days/SKILL.md
29,Unvalidated YAML frontmatter can crash index generation,duplicate of another finding,tools/scripts/generate_index.py,Same root cause/fix area as finding 18.,tools/scripts/generate_index.py
30,Predictable /tmp counter file enables local file clobbering,obsolete/not reproducible on current HEAD,skills/cc-skill-strategic-compact/suggest-compact.sh,The strategic compact hook now stores state under XDG_STATE_HOME instead of predictable shared /tmp paths.,tools/scripts/tests/local_temp_safety.test.js
31,Symlink traversal risk in new sync script,obsolete/not reproducible on current HEAD,tools/scripts/sync_recommended_skills.sh,sync_recommended_skills.sh now preserves symlinks with cp -RP and avoids the destructive glob-delete pattern from the original report.,tools/scripts/tests/repo_hygiene_security.test.js
32,skills_manager allows path traversal in enable/disable operations,obsolete/not reproducible on current HEAD,tools/scripts/skills_manager.py,skills_manager.py now resolves candidate paths relative to the intended base directory and rejects traversal attempts.,tools/scripts/tests/test_skills_manager_security.py
33,Zip Slip risk in Office unpack scripts,obsolete/not reproducible on current HEAD,skills/docx-official/ooxml/scripts/unpack.py | skills/pptx-official/ooxml/scripts/unpack.py,The Office unpack helpers now validate archive members and reject traversal/symlink-style entries before extraction.,tools/scripts/tests/test_office_unpack_security.py