{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "GHSA-r73j-pqj5-w3x7", "name": "pillow: GHSA-r73j-pqj5-w3x7", "shortDescription": {"text": "pillow: GHSA-r73j-pqj5-w3x7"}, "fullDescription": {"text": "Pillow has a PDF Parsing Trailer Infinite Loop (DoS)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC012", "name": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the t", "shortDescription": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "fullDescription": {"text": "Validate extracted paths with os.path.realpath() and ensure they stay within the target directory."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `_consolidate_text` has cognitive complexity 19 (SonarSource scale). Cogni", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `_consolidate_text` has cognitive complexity 19 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recur"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. 
SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 19."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. 
Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "info", "confidence": 0.35, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found in a documentation, catalog, or template-heavy repository", "shortDescription": {"text": "No test files found in a documentation, catalog, or template-heavy repository"}, "fullDescription": {"text": "If this repository ships runnable code, add focused tests for those examples or templates. If it is documentation/catalog content only, mark the finding as accepted or add a .repobilityignore note."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "info", "confidence": 0.35, "cwe": "", "owasp": ""}}, {"id": "GHSA-44wm-f244-xhp3", "name": "pillow: GHSA-44wm-f244-xhp3", "shortDescription": {"text": "pillow: GHSA-44wm-f244-xhp3"}, "fullDescription": {"text": "Pillow buffer overflow vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-165", "name": "pillow: PYSEC-2026-165", "shortDescription": {"text": "pillow: PYSEC-2026-165"}, "fullDescription": {"text": "Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceedingly large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. 
This issue has been patched in version 12.2.0."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2023-175", "name": "pillow: PYSEC-2023-175", "shortDescription": {"text": "pillow: PYSEC-2023-175"}, "fullDescription": {"text": "Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-j975-95f5-7wqh", "name": "mcp: GHSA-j975-95f5-7wqh", "shortDescription": {"text": "mcp: GHSA-j975-95f5-7wqh"}, "fullDescription": {"text": "MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9h52-p55h-vw2f", "name": "mcp: GHSA-9h52-p55h-vw2f", "shortDescription": {"text": "mcp: GHSA-9h52-p55h-vw2f"}, "fullDescription": {"text": "Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3qhf-m339-9g5v", "name": "mcp: GHSA-3qhf-m339-9g5v", "shortDescription": {"text": "mcp: GHSA-3qhf-m339-9g5v"}, "fullDescription": {"text": "MCP Python SDK vulnerability in the FastMCP Server causes validation error, leading to DoS"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED034", "name": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.", "shortDescription": {"text": "[MINED034] Python Subprocess Shell 
True: subprocess(..., shell=True) enables command injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the resolved path stays inside your expected base directory; compare whole path components (for example with os.path.commonpath()) rather than a raw string prefix, which also matches sibling directories that merely share the prefix. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... 
\u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Apply the block to the IP address the hostname actually resolves to, not only to the literal host string, and cover loopback (127/8) and the IPv6 equivalents as well."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED023", "name": "[MINED023] Xxe Sax Default: xml.etree.ElementTree.parse / xml.sax / lxml without disable-entities \u2014 XXE attack.", "shortDescription": {"text": "[MINED023] Xxe Sax Default: xml.etree.ElementTree.parse / xml.sax / lxml without disable-entities \u2014 XXE attack."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-611 / A05:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.optimize_colors` used but never assigned in __init__", "shortDescription": {"text": "`self.optimize_colors` used but never assigned in __init__"}, "fullDescription": {"text": "Method `save` of class `GIFBuilder` reads `self.optimize_colors`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "GHSA-3f63-hfp8-52jq", "name": "pillow: GHSA-3f63-hfp8-52jq", "shortDescription": {"text": "pillow: GHSA-3f63-hfp8-52jq"}, "fullDescription": {"text": "Arbitrary Code Execution in Pillow"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `warnings` used but not imported", "shortDescription": {"text": "Missing import: `warnings` used but not imported"}, "fullDescription": {"text": "The file uses `warnings.something(...)` but never imports `warnings`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/729"}, "properties": {"repository": "anthropics/skills", "repoUrl": "https://github.com/anthropics/skills", "branch": "main"}, "results": [{"ruleId": "GHSA-r73j-pqj5-w3x7", "level": "warning", "message": {"text": "pillow: GHSA-r73j-pqj5-w3x7"}, "properties": {"repobilityId": 59446, "scanner": "osv-scanner", "fingerprint": "6aabd100a35cd4986a78311bc5587385c7cbea843276a0370773682e260b72b2", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-pillow-2026-42310", "CVE-2026-42310"], "package": "pillow", "rule_id": "GHSA-r73j-pqj5-w3x7", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2026-42310|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/slack-gif-creator/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 59437, "scanner": "repobility-threat-engine", "fingerprint": "d6528869efc6f415bb2219b4d5bf1f0d13dd39f65a4372eb6a403294df903239", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.Popen(\n                server['cmd'],\n                shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": 
"code|injection|token|69|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/webapp-testing/scripts/with_server.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 59436, "scanner": "repobility-threat-engine", "fingerprint": "69336d487aa146456194213941177d924d3ffb89ea796f1cb370513fc680adbd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'John Doe'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|69336d487aa146456194213941177d924d3ffb89ea796f1cb370513fc680adbd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/webapp-testing/examples/static_html_automation.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 59424, "scanner": "repobility-threat-engine", "fingerprint": "1b515d462bbf9147f629ee430a266450e34d1b9cf23dbe3bdec61d8d3034b37e", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1b515d462bbf9147f629ee430a266450e34d1b9cf23dbe3bdec61d8d3034b37e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/pptx/scripts/office/unpack.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 59423, "scanner": "repobility-threat-engine", "fingerprint": "b0b512692a083d0442fa1f46690d96213e273bec4052646bd80bc79843bed4e1", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b0b512692a083d0442fa1f46690d96213e273bec4052646bd80bc79843bed4e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/office/validators/redlining.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 59422, "scanner": "repobility-threat-engine", "fingerprint": "464f337726bb25730c5f818f462e32e0d5b178da05f71803b77a2e7dd114c758", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|464f337726bb25730c5f818f462e32e0d5b178da05f71803b77a2e7dd114c758"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/office/unpack.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 59420, "scanner": "repobility-threat-engine", "fingerprint": "5043fdd1b2627fe17b5e0266a99ab03a8742cc82dbbb3ba2eefa9c7b6b254f8a", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|64|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/office/validators/redlining.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, 
"properties": {"repobilityId": 59419, "scanner": "repobility-threat-engine", "fingerprint": "fdba46981e5f826620a57df3004bb16a43d55bd01e5e8c8d7dab18de7e029d7b", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|74|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/office/validate.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 59418, "scanner": "repobility-threat-engine", "fingerprint": "c61113dbb08f92d976fa06875b03347240bc085029ab2d9cebadb3ed1d785529", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|54|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/office/unpack.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `_consolidate_text` has cognitive complexity 19 (SonarSource scale). 
Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=1, else=1, for=1, if=3, nested_bonus=11, ternary=2."}, "properties": {"repobilityId": 59416, "scanner": "repobility-threat-engine", "fingerprint": "1ef74817d32649716319b8d653b75de688c10f1b9dfc5c485ae594db94627278", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 19 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_consolidate_text", "breakdown": {"if": 3, "for": 1, "elif": 1, "else": 1, "ternary": 2, "nested_bonus": 11}, "complexity": 19, "correlation_key": "fp|1ef74817d32649716319b8d653b75de688c10f1b9dfc5c485ae594db94627278"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/office/helpers/merge_runs.py"}, "region": {"startLine": 178}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). 
Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 59403, "scanner": "repobility-threat-engine", "fingerprint": "650f7a326cdc982bce18e0e757c77a53456a3f3b8fb755507716bb8e5a895ecb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n        output_path.parent.mkdir(parents=True, exist_ok=True)\n        shutil.copy2(input_path,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|650f7a326cdc982bce18e0e757c77a53456a3f3b8fb755507716bb8e5a895ecb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/accept_changes.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 59401, "scanner": "repobility-threat-engine", "fingerprint": "389bbefe5c0d6bd04540f0f956ba81e4c88ee63cfa62882e316f7e96a0b2f9d0", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|133|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/algorithmic-art/templates/generator_template.js"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 59398, "scanner": "repobility-ast-engine", "fingerprint": "41bb0777f0274df8ed3d5556926db00a0fd9a6c59c0970835fd96077d7bf26bd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|41bb0777f0274df8ed3d5556926db00a0fd9a6c59c0970835fd96077d7bf26bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/pptx/scripts/office/validators/redlining.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 59397, "scanner": "repobility-ast-engine", "fingerprint": "8eaf3145f864ae9fa95bc47f83dbaf83ea09a278a3a19468bc6fba88894070e6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", 
"evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8eaf3145f864ae9fa95bc47f83dbaf83ea09a278a3a19468bc6fba88894070e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/pptx/scripts/office/validators/pptx.py"}, "region": {"startLine": 195}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 59396, "scanner": "repobility-ast-engine", "fingerprint": "1f46ec8afa62e629490c28c3aa5d5c6031ca593baca170c72b60721213de23c3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1f46ec8afa62e629490c28c3aa5d5c6031ca593baca170c72b60721213de23c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/pptx/scripts/office/unpack.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 59395, "scanner": "repobility-ast-engine", "fingerprint": "02c47c28712cd918cde170c2eb2b3de6d244725fbbdc3dcb31774f773284c07d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|02c47c28712cd918cde170c2eb2b3de6d244725fbbdc3dcb31774f773284c07d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"skills/pptx/scripts/thumbnail.py"}, "region": {"startLine": 246}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 59394, "scanner": "repobility-ast-engine", "fingerprint": "20a2db314506fd9cbe20e3d23f867b68681ceb53f1ea62fdd5ec560dce43f865", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|20a2db314506fd9cbe20e3d23f867b68681ceb53f1ea62fdd5ec560dce43f865"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/pptx/scripts/thumbnail.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 59393, "scanner": "repobility-ast-engine", "fingerprint": "37f727bb5e12ec2ce8108cb16cdd795cd215f62cf5254f6a77cd3bba84d3a0c8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|37f727bb5e12ec2ce8108cb16cdd795cd215f62cf5254f6a77cd3bba84d3a0c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/office/helpers/simplify_redlines.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 59392, "scanner": "repobility-ast-engine", "fingerprint": "918e99b6d7550bbfe41656bc3c2cbf92b42ac7fc508256c3b43356dde97cf938", "category": "quality", 
"severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|918e99b6d7550bbfe41656bc3c2cbf92b42ac7fc508256c3b43356dde97cf938"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/office/helpers/merge_runs.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 59391, "scanner": "repobility-ast-engine", "fingerprint": "6036d7b34672622b5029f3805d81644fc8af151aabf2a1419205aa373fa0a6ee", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6036d7b34672622b5029f3805d81644fc8af151aabf2a1419205aa373fa0a6ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/office/validators/docx.py"}, "region": {"startLine": 174}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 59390, "scanner": "repobility-ast-engine", "fingerprint": "29e7cf132379a040c25a9455203eb674f93ded4c8050647e431da64819743df4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|29e7cf132379a040c25a9455203eb674f93ded4c8050647e431da64819743df4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/office/validators/docx.py"}, "region": {"startLine": 197}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 59389, "scanner": "repobility-ast-engine", "fingerprint": "08a292e63fbfc7abfc1901d01bd19edd79fc451a8952805a8a61c4caf4bd97ac", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|08a292e63fbfc7abfc1901d01bd19edd79fc451a8952805a8a61c4caf4bd97ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/office/validators/base.py"}, "region": {"startLine": 564}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 59388, "scanner": "repobility-ast-engine", "fingerprint": "70ce1490725cb4fc0a0445f2207e7cd90ded41602eca50632070777149958d9b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|70ce1490725cb4fc0a0445f2207e7cd90ded41602eca50632070777149958d9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/office/validators/base.py"}, "region": {"startLine": 454}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": 
{"repobilityId": 59387, "scanner": "repobility-ast-engine", "fingerprint": "dddec6f9ba17c8a29b7eb7d51d3d8925916918d88feda2136a072fa9c0a9c5d2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dddec6f9ba17c8a29b7eb7d51d3d8925916918d88feda2136a072fa9c0a9c5d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/office/validators/base.py"}, "region": {"startLine": 357}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 59386, "scanner": "repobility-ast-engine", "fingerprint": "cfbd74701f2875da671965d8d5bddbaae41fe54f60e0316814d717dedaa9b342", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cfbd74701f2875da671965d8d5bddbaae41fe54f60e0316814d717dedaa9b342"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/office/validators/base.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 59385, "scanner": "repobility-ast-engine", "fingerprint": "06fd40e36be88b7a248249673696a29b3bba92fef445245cd6aae92bf311804f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|06fd40e36be88b7a248249673696a29b3bba92fef445245cd6aae92bf311804f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/office/validators/base.py"}, "region": {"startLine": 784}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 59384, "scanner": "repobility-ast-engine", "fingerprint": "59db08fb63f9f181ad44960cace91605d6a972cac67d6a870e28c324e45f48c6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|59db08fb63f9f181ad44960cace91605d6a972cac67d6a870e28c324e45f48c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/office/validators/base.py"}, "region": {"startLine": 583}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 59382, "scanner": "repobility-ast-engine", "fingerprint": "7b0fa2adb15e4ede4cb4e4951a07faff973b4b09cc16fc7402b24d80cc45b256", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7b0fa2adb15e4ede4cb4e4951a07faff973b4b09cc16fc7402b24d80cc45b256"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"skills/docx/scripts/office/validators/redlining.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 59381, "scanner": "repobility-ast-engine", "fingerprint": "028b217e4cf9d85803203e676564126b01c40ab0f28b83fc42b76b4f906db618", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|028b217e4cf9d85803203e676564126b01c40ab0f28b83fc42b76b4f906db618"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/office/validators/pptx.py"}, "region": {"startLine": 195}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 59380, "scanner": "repobility-ast-engine", "fingerprint": "ca3a6005a4b40bd93df82d14ca0998d0ed7e8873ffab253ce907f76e2c82455e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ca3a6005a4b40bd93df82d14ca0998d0ed7e8873ffab253ce907f76e2c82455e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/office/unpack.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 59379, "scanner": "repobility-ast-engine", "fingerprint": "21880cd86a6ddc083dadf8b149ee16a5197887258ee07217db7d87344dd9f30b", 
"category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|21880cd86a6ddc083dadf8b149ee16a5197887258ee07217db7d87344dd9f30b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/accept_changes.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 59378, "scanner": "repobility-ast-engine", "fingerprint": "64337233628d56a3519da81180160c0a9854c26698ea90f9dc0bb6c9e6c816c2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|64337233628d56a3519da81180160c0a9854c26698ea90f9dc0bb6c9e6c816c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/mcp-builder/scripts/evaluation.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 59377, "scanner": "repobility-ast-engine", "fingerprint": "492ae91b81ba7df1859796154c9c81259629984998bd6d0e34fa77a74459f9dc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|492ae91b81ba7df1859796154c9c81259629984998bd6d0e34fa77a74459f9dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/mcp-builder/scripts/evaluation.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 59376, "scanner": "repobility-ast-engine", "fingerprint": "0c45dba99bde79940476925d049ef947afe839b0582f7ed4113f949ffce1946d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0c45dba99bde79940476925d049ef947afe839b0582f7ed4113f949ffce1946d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/slack-gif-creator/core/validators.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 59375, "scanner": "repobility-ast-engine", "fingerprint": "1c55047ff614ad5ec1dfeb31a604f861cb0fb8b5ca9ace4ea88298b5097f77ed", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1c55047ff614ad5ec1dfeb31a604f861cb0fb8b5ca9ace4ea88298b5097f77ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/slack-gif-creator/core/validators.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 
59372, "scanner": "repobility-ast-engine", "fingerprint": "d994cce15a49e7b1e9e092e3c8c1b80b5aa824242855b361035edb7ac9cb0895", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d994cce15a49e7b1e9e092e3c8c1b80b5aa824242855b361035edb7ac9cb0895"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/scripts/run_eval.py"}, "region": {"startLine": 223}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 59371, "scanner": "repobility-ast-engine", "fingerprint": "62bf3529db5a4241fc5e1e279a3f8dec5ade318f720324b4d593f04697cbca7e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|62bf3529db5a4241fc5e1e279a3f8dec5ade318f720324b4d593f04697cbca7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/scripts/package_skill.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `add_comment` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: else=1, if=7, nested_bonus=1, ternary=1."}, "properties": {"repobilityId": 59415, "scanner": "repobility-threat-engine", "fingerprint": "10ea822fe13ff6802680233d402aff1354f5bec05dc03c8deb4927245cbffafa", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "add_comment", "breakdown": {"if": 7, "else": 1, "ternary": 1, "nested_bonus": 1}, "complexity": 10, "correlation_key": "fp|10ea822fe13ff6802680233d402aff1354f5bec05dc03c8deb4927245cbffafa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/comment.py"}, "region": {"startLine": 218}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `_find_para_id` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: for=2, if=2, nested_bonus=6."}, "properties": {"repobilityId": 59414, "scanner": "repobility-threat-engine", "fingerprint": "d9df01a5a6aff65d1a8f507d4b8f6bd3b0ed93f7634a3b426a0b4742e15b0456", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_find_para_id", "breakdown": {"if": 2, "for": 2, "nested_bonus": 6}, "complexity": 10, "correlation_key": "fp|d9df01a5a6aff65d1a8f507d4b8f6bd3b0ed93f7634a3b426a0b4742e15b0456"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/comment.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 59345, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 59435, "scanner": "repobility-threat-engine", "fingerprint": "4c0f91cb3449205883aac4fd68ffb995b89fbe796bb6fac110d8864e4b6b55f2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, 
"promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4c0f91cb3449205883aac4fd68ffb995b89fbe796bb6fac110d8864e4b6b55f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/web-artifacts-builder/scripts/init-artifact.sh"}, "region": {"startLine": 36}}}]}, {"ruleId": "ERR001", "level": "none", "message": {"text": "[ERR001] Silent Exception Swallowing (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 59425, "scanner": "repobility-threat-engine", "fingerprint": "8a4bd872da419130753367ef5a61efa729f221dd8f26dbedd7003551d50a5f41", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8a4bd872da419130753367ef5a61efa729f221dd8f26dbedd7003551d50a5f41"}}}, {"ruleId": "SEC012", "level": "none", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 59421, "scanner": "repobility-threat-engine", "fingerprint": "64774878b4e43fabc6f9819e1d200041ea226c1bde58c7e6eff35871707b6435", "category": "path_traversal", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|64774878b4e43fabc6f9819e1d200041ea226c1bde58c7e6eff35871707b6435"}}}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 79 more): Same pattern found in 79 additional files. Review if needed."}, "properties": {"repobilityId": 59417, "scanner": "repobility-threat-engine", "fingerprint": "7b1079a9027a59b20567376066c674a8298c082363d5274ad79fe72ab4d751b4", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 79 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "_find_para_id", "breakdown": {"if": 2, "for": 2, "nested_bonus": 6}, "aggregated": true, "complexity": 10, "correlation_key": "fp|7b1079a9027a59b20567376066c674a8298c082363d5274ad79fe72ab4d751b4", "aggregated_count": 79}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 59413, "scanner": "repobility-threat-engine", "fingerprint": "0e87fb84ca93ee29f593dc34b2e01034b2b11f7cd91040a7dfa844a7632b0d1e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0e87fb84ca93ee29f593dc34b2e01034b2b11f7cd91040a7dfa844a7632b0d1e", "aggregated_count": 6}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 59412, "scanner": "repobility-threat-engine", "fingerprint": "9819d8babd6882f3302ffb104070b30cc805be6b6525c7f7b08ecf759fd356fb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9819d8babd6882f3302ffb104070b30cc805be6b6525c7f7b08ecf759fd356fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/office/validators/redlining.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 59411, "scanner": "repobility-threat-engine", "fingerprint": "0e692eb0394d3a4ba073ee0ef5fbc84fb3eec1414c767e5f05a13e7a337dd806", "category": 
"quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0e692eb0394d3a4ba073ee0ef5fbc84fb3eec1414c767e5f05a13e7a337dd806"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/office/unpack.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 59410, "scanner": "repobility-threat-engine", "fingerprint": "c7c2df0a3ac7b7a1673f8b3abaedb8b159f68430766d9c883c9870e8c5956ce8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c7c2df0a3ac7b7a1673f8b3abaedb8b159f68430766d9c883c9870e8c5956ce8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/comment.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 6 more): Same pattern found in 6 additional files. 
Review if needed."}, "properties": {"repobilityId": 59409, "scanner": "repobility-threat-engine", "fingerprint": "bb423e21d8bdc29e6dfc844c3717d0dc4cb6b828860c7155ecb21a5fcf036249", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|bb423e21d8bdc29e6dfc844c3717d0dc4cb6b828860c7155ecb21a5fcf036249", "aggregated_count": 6}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 59405, "scanner": "repobility-threat-engine", "fingerprint": "fc22eab2544d73c664d2f7e1cd1b510dab0bf89dccd319605c21afaeb5f1ab35", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fc22eab2544d73c664d2f7e1cd1b510dab0bf89dccd319605c21afaeb5f1ab35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/xlsx/scripts/recalc.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED043", "level": "none", 
"message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 59404, "scanner": "repobility-threat-engine", "fingerprint": "529045b526dbd0645a7cf253c115fc450b5af4f2e07a3c72471dc432bca76ad2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|529045b526dbd0645a7cf253c115fc450b5af4f2e07a3c72471dc432bca76ad2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/accept_changes.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "CORE_NO_CI", "level": "none", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 59346, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "info", "confidence": 0.35, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Repository shape is documentation, catalog, skill, or template-heavy.", "evidence": {"reason": "Repository shape is documentation, catalog, skill, or template-heavy.", "rule_id": "CORE_NO_CI", "scanner": "repobility-core", "confidence": 0.35, "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "CORE_NO_TESTS", "level": "none", "message": {"text": "No test files found in a documentation, catalog, or template-heavy repository"}, "properties": {"repobilityId": 59344, "scanner": "repobility-core", "fingerprint": 
"69cfb3536a8ccff500ccafcd681fc8d4bc9f4eda6689da02ddec81654bd9fd15", "category": "testing", "severity": "info", "confidence": 0.35, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Repository shape is documentation, catalog, skill, or template-heavy rather than a conventional runnable application.", "evidence": {"reason": "Repository shape is documentation, catalog, skill, or template-heavy rather than a conventional runnable application.", "rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "confidence": 0.35, "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "GHSA-44wm-f244-xhp3", "level": "error", "message": {"text": "pillow: GHSA-44wm-f244-xhp3"}, "properties": {"repobilityId": 59445, "scanner": "osv-scanner", "fingerprint": "195f0d5daf09a0ce8c58e7b4bed23e35dac1afbc9f51f8a13fee04e5db1e600c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-pillow-2024-28219", "CVE-2024-28219"], "package": "pillow", "rule_id": "GHSA-44wm-f244-xhp3", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2024-28219|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/slack-gif-creator/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-165", "level": "error", "message": {"text": "pillow: PYSEC-2026-165"}, "properties": {"repobilityId": 59443, "scanner": "osv-scanner", "fingerprint": "2c5ec27d6b17a637ca23c40b498e08b05747780889513ab33869b72b58ccb208", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2026-42308", "CVE-2026-42308", "GHSA-wjx4-4jcj-g98j"], "package": "pillow", "rule_id": "PYSEC-2026-165", "scanner": "osv-scanner", 
"correlation_key": "vuln|pillow|CVE-2026-42308|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-wjx4-4jcj-g98j", "PYSEC-2026-165"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2c5ec27d6b17a637ca23c40b498e08b05747780889513ab33869b72b58ccb208", "d60c4840e6917b820dfb4363c603efe393639f6dc9bf8a1af5947f4c654190d9"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/slack-gif-creator/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2023-175", "level": "error", "message": {"text": "pillow: PYSEC-2023-175"}, "properties": {"repobilityId": 59442, "scanner": "osv-scanner", "fingerprint": "2e3db040182b660ffc2c5586214d12ea32f4dc6fb0366d6c90a12aa6b252a251", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "package": "pillow", "rule_id": "PYSEC-2023-175", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2023-4863|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-j7hp-h8jx-5ppr", "PYSEC-2023-175"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2e3db040182b660ffc2c5586214d12ea32f4dc6fb0366d6c90a12aa6b252a251", "a83131ee5742dc4ca9fcf3d6f997e2e2c9098c3720b35c5faec53439fae46efd"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/slack-gif-creator/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-j975-95f5-7wqh", "level": "error", "message": {"text": "mcp: GHSA-j975-95f5-7wqh"}, "properties": {"repobilityId": 59441, "scanner": "osv-scanner", "fingerprint": "4eac6f0c05a35a443e46420b228c41c0cc9dd65883565518e6c2f0d88b23bb1c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-53365"], "package": "mcp", 
"rule_id": "GHSA-j975-95f5-7wqh", "scanner": "osv-scanner", "correlation_key": "vuln|mcp|CVE-2025-53365|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/mcp-builder/scripts/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9h52-p55h-vw2f", "level": "error", "message": {"text": "mcp: GHSA-9h52-p55h-vw2f"}, "properties": {"repobilityId": 59440, "scanner": "osv-scanner", "fingerprint": "41bede46e10a6cb6e6be54c879ce0c3da9f6d81b6d6908c310e487af8489e44b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-66416"], "package": "mcp", "rule_id": "GHSA-9h52-p55h-vw2f", "scanner": "osv-scanner", "correlation_key": "vuln|mcp|CVE-2025-66416|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/mcp-builder/scripts/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3qhf-m339-9g5v", "level": "error", "message": {"text": "mcp: GHSA-3qhf-m339-9g5v"}, "properties": {"repobilityId": 59439, "scanner": "osv-scanner", "fingerprint": "febcc7af10bf08b35d343e7bc4ce002a1d0c69922c2f745cbfa1b31fec66c867", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-53366"], "package": "mcp", "rule_id": "GHSA-3qhf-m339-9g5v", "scanner": "osv-scanner", "correlation_key": "vuln|mcp|CVE-2025-53366|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/mcp-builder/scripts/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 59438, "scanner": "repobility-threat-engine", "fingerprint": 
"ce6aa8e6f86e90a8cf37ec749d99eb6a7915dddd200a09101c111cf4f046d9fb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ce6aa8e6f86e90a8cf37ec749d99eb6a7915dddd200a09101c111cf4f046d9fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/webapp-testing/scripts/with_server.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 59434, "scanner": "repobility-threat-engine", "fingerprint": "f279f16ee4e508df7c60586ca9807635725282e26c0f97c04e93cc832dc7d814", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|13|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/pdf/scripts/create_validation_image.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 59433, "scanner": "repobility-threat-engine", "fingerprint": "a180620e4dd41db6254fe319c3425e89924b17da5ac65859fe06bab4dee7b1ad", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "placeholder_img.save(placeholder_path, \"JPEG\")", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a180620e4dd41db6254fe319c3425e89924b17da5ac65859fe06bab4dee7b1ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/pptx/scripts/thumbnail.py"}, "region": {"startLine": 139}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 59432, "scanner": "repobility-threat-engine", "fingerprint": "41767c22913d062af923c95764c89d2a5be2b2941729bbeda7284d90c478e087", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "img.save(output_path)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|41767c22913d062af923c95764c89d2a5be2b2941729bbeda7284d90c478e087"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/pdf/scripts/create_validation_image.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 59431, "scanner": "repobility-threat-engine", "fingerprint": "c3b8c2bca658846c94c26f3afc67edb55319629f787654f06de8a5dc8498e2de", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "image.save(image_path)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c3b8c2bca658846c94c26f3afc67edb55319629f787654f06de8a5dc8498e2de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/pdf/scripts/convert_pdf_to_images.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 59430, "scanner": "repobility-threat-engine", "fingerprint": "170678c62ab3ad91d0f79964f348ed8c6d6288a0aab198bee7452f7442712629", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|170678c62ab3ad91d0f79964f348ed8c6d6288a0aab198bee7452f7442712629"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/mcp-builder/scripts/connections.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": 
"[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 59429, "scanner": "repobility-threat-engine", "fingerprint": "5b4cdd51c8872ff43f6c30aa79ae12f4ec8bda1b274a6bbf3026ac07fd6c5a0b", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL (s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5b4cdd51c8872ff43f6c30aa79ae12f4ec8bda1b274a6bbf3026ac07fd6c5a0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/mcp-builder/scripts/connections.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED023", "level": "error", "message": {"text": "[MINED023] Xxe Sax Default: xml.etree.ElementTree.parse / xml.sax / lxml without disable-entities \u2014 XXE attack."}, "properties": {"repobilityId": 59428, "scanner": "repobility-threat-engine", "fingerprint": "f1d530d0972214f30b83c5b17705b73b7ae7f69956299185ed2433f82edefde9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "xxe-sax-default", "owasp": "A05:2021", "cwe_ids": ["CWE-611"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347952+00:00", "triaged_in_corpus": 15, "observations_count": 38926, "ai_coder_pattern_id": 33}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|f1d530d0972214f30b83c5b17705b73b7ae7f69956299185ed2433f82edefde9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/xlsx/scripts/office/validators/pptx.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED023", "level": "error", "message": {"text": "[MINED023] Xxe Sax Default: xml.etree.ElementTree.parse / xml.sax / lxml without disable-entities \u2014 XXE attack."}, "properties": {"repobilityId": 59427, "scanner": "repobility-threat-engine", "fingerprint": "4633c635a4a94e43b28975a3296e00ca8d67d8fc925792cb472cf97058819504", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "xxe-sax-default", "owasp": "A05:2021", "cwe_ids": ["CWE-611"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347952+00:00", "triaged_in_corpus": 15, "observations_count": 38926, "ai_coder_pattern_id": 33}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4633c635a4a94e43b28975a3296e00ca8d67d8fc925792cb472cf97058819504"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/pptx/scripts/office/validators/pptx.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED023", "level": "error", "message": {"text": "[MINED023] Xxe Sax Default: xml.etree.ElementTree.parse / xml.sax / lxml without disable-entities \u2014 XXE attack."}, "properties": {"repobilityId": 59426, "scanner": "repobility-threat-engine", "fingerprint": "1979c174546a8574b6af668be04b7a65d15fe80716fc3d1317367fea5ce0099b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "xxe-sax-default", "owasp": "A05:2021", "cwe_ids": ["CWE-611"], "precision": 1.0, "promoted_at": 
"2026-05-18T14:01:32.347952+00:00", "triaged_in_corpus": 15, "observations_count": 38926, "ai_coder_pattern_id": 33}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1979c174546a8574b6af668be04b7a65d15fe80716fc3d1317367fea5ce0099b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/office/validators/pptx.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 59408, "scanner": "repobility-threat-engine", "fingerprint": "8b7dc42da659c2ae8390330162af2b4ecb3e3e2759230e05fa7c42e2a3bcc1bf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8b7dc42da659c2ae8390330162af2b4ecb3e3e2759230e05fa7c42e2a3bcc1bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/office/validators/redlining.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 59407, "scanner": "repobility-threat-engine", "fingerprint": "afc1b123e26c56e54b9b9a2fe5324345292a163f3966120f55ad8a498e5c5862", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", 
"isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|afc1b123e26c56e54b9b9a2fe5324345292a163f3966120f55ad8a498e5c5862"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/office/unpack.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 59406, "scanner": "repobility-threat-engine", "fingerprint": "2b77a3c532b8aaf9d3305ccb75446661289cd075cdc72f46a7df798ea9c45008", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2b77a3c532b8aaf9d3305ccb75446661289cd075cdc72f46a7df798ea9c45008"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/comment.py"}, "region": {"startLine": 116}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 59402, "scanner": "repobility-threat-engine", "fingerprint": "fbf33a25026f64fb7d594d7f5d78d1f1286af2d36a05d775353dde2b9d35595d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(hex", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fbf33a25026f64fb7d594d7f5d78d1f1286af2d36a05d775353dde2b9d35595d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/algorithmic-art/templates/generator_template.js"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.optimize_colors` used but never assigned in __init__"}, "properties": {"repobilityId": 59374, "scanner": "repobility-ast-engine", "fingerprint": "953a6ea021b2895a9dec71ffe44c5268d95242cfbd6d9b2ec99628ff4eb26a23", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|953a6ea021b2895a9dec71ffe44c5268d95242cfbd6d9b2ec99628ff4eb26a23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/slack-gif-creator/core/gif_builder.py"}, "region": {"startLine": 221}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.add_frame` used but never assigned in __init__"}, "properties": {"repobilityId": 59373, "scanner": "repobility-ast-engine", "fingerprint": "b72a2e7518e9504bc413569f0a0043828789420e96dff6073a5494d95401a3a6", "category": 
"quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b72a2e7518e9504bc413569f0a0043828789420e96dff6073a5494d95401a3a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/slack-gif-creator/core/gif_builder.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_response` used but never assigned in __init__"}, "properties": {"repobilityId": 59370, "scanner": "repobility-ast-engine", "fingerprint": "380ddb5c3a94305962d3a3281e5efc8c13fb80f759eb1fd1fd12b3c50a273947", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|380ddb5c3a94305962d3a3281e5efc8c13fb80f759eb1fd1fd12b3c50a273947"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/eval-viewer/generate_review.py"}, "region": {"startLine": 374}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.headers` used but never assigned in __init__"}, "properties": {"repobilityId": 59369, "scanner": "repobility-ast-engine", "fingerprint": "73f6107e5a303fb1f87642affb5552fcc2f47dbfd1b9fc76a69ad9944bb84269", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, 
"scanner": "repobility-ast-engine", "correlation_key": "fp|73f6107e5a303fb1f87642affb5552fcc2f47dbfd1b9fc76a69ad9944bb84269"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/eval-viewer/generate_review.py"}, "region": {"startLine": 363}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.wfile` used but never assigned in __init__"}, "properties": {"repobilityId": 59368, "scanner": "repobility-ast-engine", "fingerprint": "943de514a1fc5775a78340831f88068a84f36460d4156f31c94142afaddc1131", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|943de514a1fc5775a78340831f88068a84f36460d4156f31c94142afaddc1131"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/eval-viewer/generate_review.py"}, "region": {"startLine": 378}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_response` used but never assigned in __init__"}, "properties": {"repobilityId": 59367, "scanner": "repobility-ast-engine", "fingerprint": "7d0562df3ee7c45f8afe903fbb8262c75bd64c025b3d3b1dbc12d14ce6cb3ff4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7d0562df3ee7c45f8afe903fbb8262c75bd64c025b3d3b1dbc12d14ce6cb3ff4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/eval-viewer/generate_review.py"}, "region": {"startLine": 371}}}]}, 
{"ruleId": "MINED108", "level": "error", "message": {"text": "`self.rfile` used but never assigned in __init__"}, "properties": {"repobilityId": 59366, "scanner": "repobility-ast-engine", "fingerprint": "53e09347c59965cc5c66cf76f2e98b166a5a7a2361872e6a097fd3cc80b6c3e9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|53e09347c59965cc5c66cf76f2e98b166a5a7a2361872e6a097fd3cc80b6c3e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/eval-viewer/generate_review.py"}, "region": {"startLine": 364}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_error` used but never assigned in __init__"}, "properties": {"repobilityId": 59365, "scanner": "repobility-ast-engine", "fingerprint": "28381f9233c9c5c1371d735c7951ffedc3457c7604bbd1188bbcdeafbee2198a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|28381f9233c9c5c1371d735c7951ffedc3457c7604bbd1188bbcdeafbee2198a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/eval-viewer/generate_review.py"}, "region": {"startLine": 380}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.end_headers` used but never assigned in __init__"}, "properties": {"repobilityId": 59364, "scanner": "repobility-ast-engine", "fingerprint": "68a4a565377a1e65254cc613f15116418d29e6f59a2a6e49943c71683a2a7830", "category": 
"quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|68a4a565377a1e65254cc613f15116418d29e6f59a2a6e49943c71683a2a7830"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/eval-viewer/generate_review.py"}, "region": {"startLine": 377}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_header` used but never assigned in __init__"}, "properties": {"repobilityId": 59363, "scanner": "repobility-ast-engine", "fingerprint": "27fe0f979899d276b48b1cd3a88dd17f550183d4804770e3691aa5958513f994", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|27fe0f979899d276b48b1cd3a88dd17f550183d4804770e3691aa5958513f994"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/eval-viewer/generate_review.py"}, "region": {"startLine": 376}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_header` used but never assigned in __init__"}, "properties": {"repobilityId": 59362, "scanner": "repobility-ast-engine", "fingerprint": "267c7d7b2aba56c43e3c96e83251548f1d9e0995771fa09f783bf37418982d99", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 
25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|267c7d7b2aba56c43e3c96e83251548f1d9e0995771fa09f783bf37418982d99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/eval-viewer/generate_review.py"}, "region": {"startLine": 375}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.path` used but never assigned in __init__"}, "properties": {"repobilityId": 59361, "scanner": "repobility-ast-engine", "fingerprint": "2b0da5982d5f1cedf5edfdfb6644bc517f5eccf441d5733bbd7ac417f73c2ff8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2b0da5982d5f1cedf5edfdfb6644bc517f5eccf441d5733bbd7ac417f73c2ff8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/eval-viewer/generate_review.py"}, "region": {"startLine": 362}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.wfile` used but never assigned in __init__"}, "properties": {"repobilityId": 59360, "scanner": "repobility-ast-engine", "fingerprint": "bfd5ecc42e28780c3d5d0178eda0450302ef2ac924632e2e5237c02ba1f412f8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bfd5ecc42e28780c3d5d0178eda0450302ef2ac924632e2e5237c02ba1f412f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/eval-viewer/generate_review.py"}, "region": {"startLine": 357}}}]}, 
{"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_error` used but never assigned in __init__"}, "properties": {"repobilityId": 59359, "scanner": "repobility-ast-engine", "fingerprint": "74d66c31fb58e78bcd5776560d59115ea4fd0d4cbcb3582db2ad70bb5e659be6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|74d66c31fb58e78bcd5776560d59115ea4fd0d4cbcb3582db2ad70bb5e659be6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/eval-viewer/generate_review.py"}, "region": {"startLine": 359}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.end_headers` used but never assigned in __init__"}, "properties": {"repobilityId": 59358, "scanner": "repobility-ast-engine", "fingerprint": "d15976453295c8e2b74d9e72593f976df19093c72c176ebfb3a94078d18d8f2a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d15976453295c8e2b74d9e72593f976df19093c72c176ebfb3a94078d18d8f2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/eval-viewer/generate_review.py"}, "region": {"startLine": 356}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_header` used but never assigned in __init__"}, "properties": {"repobilityId": 59357, "scanner": "repobility-ast-engine", "fingerprint": "c9157050fda4e8aff0c75bbceb074ae381ae25cf8268b96218ee89e94898523e", 
"category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c9157050fda4e8aff0c75bbceb074ae381ae25cf8268b96218ee89e94898523e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/eval-viewer/generate_review.py"}, "region": {"startLine": 355}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_header` used but never assigned in __init__"}, "properties": {"repobilityId": 59356, "scanner": "repobility-ast-engine", "fingerprint": "ebbe17e0348a775def6aa25057bf82b8c9f23f225b068a38019629617dd8314f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ebbe17e0348a775def6aa25057bf82b8c9f23f225b068a38019629617dd8314f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/eval-viewer/generate_review.py"}, "region": {"startLine": 354}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_response` used but never assigned in __init__"}, "properties": {"repobilityId": 59355, "scanner": "repobility-ast-engine", "fingerprint": "d8677a8b707f6a460db21cebacf968217f7357a250ba41ef690397af5ca2e26e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], 
"observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d8677a8b707f6a460db21cebacf968217f7357a250ba41ef690397af5ca2e26e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/eval-viewer/generate_review.py"}, "region": {"startLine": 353}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.wfile` used but never assigned in __init__"}, "properties": {"repobilityId": 59354, "scanner": "repobility-ast-engine", "fingerprint": "2f1773b949928129825430829d816fb2c07341f13dc39d9b3c667874328d0cfc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2f1773b949928129825430829d816fb2c07341f13dc39d9b3c667874328d0cfc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/eval-viewer/generate_review.py"}, "region": {"startLine": 348}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.path` used but never assigned in __init__"}, "properties": {"repobilityId": 59353, "scanner": "repobility-ast-engine", "fingerprint": "8c8358184bf563a55203fb1148dee1b93fa9734203fce811cc1a9f14d8bea417", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8c8358184bf563a55203fb1148dee1b93fa9734203fce811cc1a9f14d8bea417"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/eval-viewer/generate_review.py"}, "region": 
{"startLine": 349}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.end_headers` used but never assigned in __init__"}, "properties": {"repobilityId": 59352, "scanner": "repobility-ast-engine", "fingerprint": "8748864fdef63ad10895d2f224ba09fb83f41fe920731f3c2e294c1c941b7865", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8748864fdef63ad10895d2f224ba09fb83f41fe920731f3c2e294c1c941b7865"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/eval-viewer/generate_review.py"}, "region": {"startLine": 347}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_header` used but never assigned in __init__"}, "properties": {"repobilityId": 59351, "scanner": "repobility-ast-engine", "fingerprint": "e652109398cb98cf3da6293600ab1094214e847d20160c9d5fc28002a29babe6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e652109398cb98cf3da6293600ab1094214e847d20160c9d5fc28002a29babe6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/eval-viewer/generate_review.py"}, "region": {"startLine": 346}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_header` used but never assigned in __init__"}, "properties": {"repobilityId": 59350, "scanner": "repobility-ast-engine", "fingerprint": 
"5ce8f213939da5b5a9bc1fffd884ced5e28e9c9ab988c17ff644ccde0a1785e8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5ce8f213939da5b5a9bc1fffd884ced5e28e9c9ab988c17ff644ccde0a1785e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/eval-viewer/generate_review.py"}, "region": {"startLine": 345}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.send_response` used but never assigned in __init__"}, "properties": {"repobilityId": 59349, "scanner": "repobility-ast-engine", "fingerprint": "fe4c45a533bf0e1470c7c1dd325120ea60ffaaea8a0a65988a5ec79ec6979b01", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fe4c45a533bf0e1470c7c1dd325120ea60ffaaea8a0a65988a5ec79ec6979b01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/eval-viewer/generate_review.py"}, "region": {"startLine": 344}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.path` used but never assigned in __init__"}, "properties": {"repobilityId": 59348, "scanner": "repobility-ast-engine", "fingerprint": "fd862f18c5f9e43a2ed753dfe045ba4a4950eff7a6367b138813aafe03b206f6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, 
"cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fd862f18c5f9e43a2ed753dfe045ba4a4950eff7a6367b138813aafe03b206f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/eval-viewer/generate_review.py"}, "region": {"startLine": 333}}}]}, {"ruleId": "GHSA-3f63-hfp8-52jq", "level": "error", "message": {"text": "pillow: GHSA-3f63-hfp8-52jq"}, "properties": {"repobilityId": 59444, "scanner": "osv-scanner", "fingerprint": "de2ebcdc06e2155525c6000d189f771122746b029810732e6f17da38d868daeb", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-pillow-2023-50447", "CVE-2023-50447"], "package": "pillow", "rule_id": "GHSA-3f63-hfp8-52jq", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2023-50447|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/slack-gif-creator/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `warnings` used but not imported"}, "properties": {"repobilityId": 59400, "scanner": "repobility-ast-engine", "fingerprint": "d5f7d65882f104ea7bd87b0d8abbdec704abdc64c7e783d59616eaaf4f355b52", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d5f7d65882f104ea7bd87b0d8abbdec704abdc64c7e783d59616eaaf4f355b52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/xlsx/scripts/office/validators/base.py"}, "region": {"startLine": 827}}}]}, {"ruleId": "MINED107", 
"level": "error", "message": {"text": "Missing import: `warnings` used but not imported"}, "properties": {"repobilityId": 59399, "scanner": "repobility-ast-engine", "fingerprint": "ee083fe890e778ad67e00622106a32d1b710fb606b190e389fb40dc6a02b51e8", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ee083fe890e778ad67e00622106a32d1b710fb606b190e389fb40dc6a02b51e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/pptx/scripts/office/validators/base.py"}, "region": {"startLine": 827}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `warnings` used but not imported"}, "properties": {"repobilityId": 59383, "scanner": "repobility-ast-engine", "fingerprint": "d43927803841d78d95b9596415d547d87addd35ee72dd34fa87531ff255e09e6", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d43927803841d78d95b9596415d547d87addd35ee72dd34fa87531ff255e09e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/docx/scripts/office/validators/base.py"}, "region": {"startLine": 827}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `html` used but not imported"}, "properties": {"repobilityId": 59347, "scanner": "repobility-ast-engine", "fingerprint": "2b22ae24eceb50b478de92c5d25d5ab6374afe3d7d59b5fafb3bc754b65788b1", "category": "quality", "severity": 
"critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2b22ae24eceb50b478de92c5d25d5ab6374afe3d7d59b5fafb3bc754b65788b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-creator/eval-viewer/generate_review.py"}, "region": {"startLine": 343}}}]}]}]}