13 lines
623 B
Plaintext
13 lines
623 B
Plaintext
# Security scan allowlist for html-ppt-skill
|
|
# These patterns are false positives from template content, not actual threats.
|
|
|
|
# Path traversal: templates reference shared assets via relative paths
|
|
# e.g. templates/full-decks/weekly-report/ → ../../../assets/
|
|
# This is the correct relative path to the skill root assets directory.
|
|
traversal:templates/full-decks/*/index.html
|
|
|
|
# Destructive commands: testing-safety-alert template displays forbidden
|
|
# commands as text examples in a security policy demo slide.
|
|
# They are HTML content, not executable code.
|
|
destructive:templates/full-decks/testing-safety-alert/index.html
|