From 6453a29ecf8a2ccfccf32170d92adafa46b648fa Mon Sep 17 00:00:00 2001 From: Reza Rezvani Date: Tue, 17 Mar 2026 15:43:37 +0100 Subject: [PATCH] =?UTF-8?q?fix(security-auditor):=20reduce=20false=20posit?= =?UTF-8?q?ives=20=E2=80=94=20whitelist=20plugin=20dirs,=20remove=20'token?= =?UTF-8?q?'=20from=20exfil=20pattern?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add .claude-plugin, .codex, .gemini to hidden file allowlist (FS-HIDDEN) These are required plugin infrastructure directories, not secrets. - Remove 'tokens?' from PROMPT-EXFIL regex — 'access token' is a standard technical term in auth reference docs, causing false positives on every skill that documents JWT/OAuth flows (e.g. saas-scaffolder auth-billing-guide) - Remaining PROMPT-EXFIL patterns (credentials, secrets, api_keys, .env, .ssh, .aws, ~/home, /etc) are specific enough to catch real threats Fixes: CI security audit failure on PR #370 (7 CRITICAL false positives) Co-Authored-By: Claude Opus 4.6 (1M context) --- .../skill-security-auditor/scripts/skill_security_auditor.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/engineering/skill-security-auditor/scripts/skill_security_auditor.py b/engineering/skill-security-auditor/scripts/skill_security_auditor.py index bfc757c..652af94 100755 --- a/engineering/skill-security-auditor/scripts/skill_security_auditor.py +++ b/engineering/skill-security-auditor/scripts/skill_security_auditor.py @@ -450,7 +450,7 @@ PROMPT_INJECTION_PATTERNS = [ "fix": "Remove data transmission directives", }, { - "regex": r"(?i)(?:read|access|open|get)\s+(?:the\s+)?(?:contents?\s+of\s+)?(?:~|\/home|\/etc|\.ssh|\.aws|\.env|credentials?|secrets?|tokens?|api.?keys?)", + "regex": r"(?i)(?:read|access|open|get)\s+(?:the\s+)?(?:contents?\s+of\s+)?(?:~|\/home|\/etc|\.ssh|\.aws|\.env|credentials?|secrets?|api.?keys?)", "category": "PROMPT-EXFIL", "severity": Severity.CRITICAL, "risk": "Instruction to access sensitive files or credentials", @@ -766,6 +766,7 @@ def scan_filesystem(skill_path: Path, report: AuditReport): if item.name.startswith(".") and item.name not in ( ".gitignore", ".gitkeep", ".editorconfig", ".prettierrc", ".eslintrc", ".pylintrc", ".flake8", + ".claude-plugin", ".codex", ".gemini", ): severity = Severity.CRITICAL if item.name == ".env" else Severity.HIGH report.findings.append(