[v3.6.0-rc1] - 2026-01-07
Changed
- 🎯 Audit Prompt Optimization: Reduced false positives by focusing on network-layer vulnerabilities
  - Added input source risk priority rules, ignoring CLI inputs
  - Only report medium+ severity vulnerabilities
  - Command injection detection excludes CLI parameter scenarios
  - Credential theft detection requires network exfiltration path
- 🔍 Skill Project Audit: Improved Skill project security analysis
  - Skill projects don't require MCP risk classification
  - Focus on malicious behavior detection (reverse shell, data exfiltration, backdoor, cryptominer)
  - Ignore code quality and development standard issues
- ✅ Quality Checklist: Added network reachability verification to vulnerability review