[NEW SKILL] fine-grained-audit-redaction-review

[JeremyZeng77]

Proposed Skill

Skill name: fine-grained-audit-redaction-review
Category: secops
Severity: medium

What It Detects

Audit logs often overexpose tokens, personal data, or secrets while still failing to preserve the actor and approval context needed for investigations.

Why This Skill Is Needed

This topic appears in real security reviews, but it is not represented cleanly in the current library. A dedicated skill would make the review repeatable and easier to apply across products.

Detection Approach

Map the trust boundary, identify where authority is derived, then review validation, provenance, exception handling, replay behavior, and background or operator paths that may get broader reach than intended.

Languages / Frameworks

• audit logging
• admin and compliance systems

Example Vulnerable Pattern

Authority or access is inferred from a weak context signal,
then reused in a broader path without a fresh authorization check.

Example Remediation

Bind authority to explicit actor and resource context,
re-check it at the sensitive boundary,
and log approval or provenance for privileged paths.

References

• OWASP ASVS
• NIST SP 800-53
• Relevant vendor or protocol guidance for this control family

Estimated Complexity

• Standard ($200) - Well-known vuln class, single language, straightforward detection
• Intermediate ($350) - Multiple languages/frameworks, nuanced detection logic
• Complex ($500) - Novel detection approach, comprehensive coverage, low FP rate

Bounty Info

• I have read and agree to the CONTRIBUTING.md bounty terms
• Preferred payment method: PayPal https://paypal.me/Jeremytsangchina

[YfengJ]

/attempt #2412

Plan:

• Add a dedicated fine-grained-audit-redaction-review skill for audit logging, admin actions, compliance systems, and security telemetry.
• Cover field-level redaction policy, token/secret/personal-data handling, actor/approval/context preservation, replay-safe evidence, operator paths, downstream sinks, and regression evidence.
• Add vulnerable and benign fixtures showing overexposed audit logs versus field-level redaction that preserves investigation context.
• Update the skill index and validate YAML parsing, markdown fences, JSON fixtures, and diff whitespace.

Requested bounty tier: Intermediate ($350). Payment details can be provided privately after maintainer acceptance.

[YfengJ]

Submitted PR #2578 for this item: #2578

It adds the fine-grained-audit-redaction-review skill with gates for field-level classification/redaction, investigation context preservation, sink-specific views, unmasking and break-glass controls, debug/replay safety, and regression evidence, plus vulnerable and benign fixtures. Requested bounty tier: Intermediate ($350). Payment details can be provided privately after maintainer acceptance.