Skip to content

Commit 2ab0bef

Browse files
committed
Address direct prompting
1 parent 9bde991 commit 2ab0bef

1 file changed

Lines changed: 12 additions & 0 deletions

File tree

.github/skillspector-allow.yml

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -123,3 +123,15 @@ suppressions:
123123
to locate and replace the rule block in AGENTS.md in place on re-runs. It
124124
carries no instructions; the surrounding rule text is plain, reviewable
125125
content by design (it is the installable routing rule itself).
126+
- skill: serving-llms-on-instinct
127+
rule: SC2
128+
file: data/recipes_cache.json
129+
match: External Script Fetching
130+
reason: >-
131+
False positive. The flag is on a `"guide"` markdown string (a recipe doc
132+
embedded in this JSON cache, not runnable code). Its shell snippets are
133+
illustrative: `uv pip install ... --extra-index-url https://wheels.vllm.ai/nightly`
134+
installs vLLM from an HTTPS package index (the recommended-safe pattern),
135+
and `curl http://localhost:8000/... | python3 -m json.tool` pipes a
136+
localhost API response into a JSON pretty-printer. There is no
137+
download-and-execute of a remote script (no `curl ... | bash`/`sh`).

0 commit comments

Comments
 (0)