Zakaria
a46764fb1b
ci / Validate workspace (push) Has been cancelled
landing-page-ci / Validate landing page (push) Has been cancelled
landing-page-deploy / Deploy landing page (push) Has been cancelled
github-metrics / Generate repository metrics SVG (push) Has been cancelled
refresh-contributors-wall / Refresh contributors wall cache bust (push) Waiting to run
13 lines
623 B
Plaintext
13 lines
623 B
Plaintext
# Security scan allowlist for html-ppt-skill
|
|
# These patterns are false positives from template content, not actual threats.
|
|
|
|
# Path traversal: templates reference shared assets via relative paths
|
|
# e.g. templates/full-decks/weekly-report/ → ../../../assets/
|
|
# This is the correct relative path to the skill root assets directory.
|
|
traversal:templates/full-decks/*/index.html
|
|
|
|
# Destructive commands: testing-safety-alert template displays forbidden
|
|
# commands as text examples in a security policy demo slide.
|
|
# They are HTML content, not executable code.
|
|
destructive:templates/full-decks/testing-safety-alert/index.html
|