Proposed Skill
Skill name: browser-print-export-redaction-review
Category: other
Severity: medium
What It Detects
Print stylesheets, "Save as PDF", and browser or report export paths (CSV, XLSX, PDF downloads) that bypass on-screen masking or field-level redaction, so a value that is masked in the rendered view is delivered in full through another output path of the same screen.
Why This Skill Is Needed
This topic shows up in real security reviews and incident patterns, but it is not cleanly represented in the current proposal set. A dedicated skill would make the review repeatable instead of relying on ad hoc notes.
Detection Approach
Model the trust boundary for the view: which caller entitlements decide what is masked, and where that decision is enforced. Enumerate every output path for the same data (on-screen render, print media CSS, server-side PDF generation, CSV/XLSX export, scheduled or emailed reports, the API the export handler calls) and check each one against the on-screen result. Typical weak spots: redaction applied only in the view layer (a CSS class, a client-side formatter, a masked text node) while the full value still reaches the browser in a data attribute, a hidden element, or a print-only block; export handlers that serialise raw records instead of the redacted representation; exceptions or feature flags that disable masking for "reporting" roles; background or service-account paths that read unredacted data with broader reach than the interactive user; and exports that leave no durable record of who exported which fields.
Languages / Frameworks
- web admin consoles
- reporting exports
Example Vulnerable Code
A view masks a sensitive field in the visible text node but ships the full value to the browser in a data attribute or a print-only element, and the export handler serialises the raw record straight from the data source, so the print and export paths never pass through the masking logic. No audit record captures who exported which fields or under which entitlement.
Example Remediation
Apply redaction once, at the data layer, according to the caller's entitlement, and have every output path (screen, print, PDF, CSV/XLSX, scheduled report) consume that redacted representation rather than the raw record. Remove unmasked values from data attributes and hidden or print-only elements. Record each export with actor, scope, and the fields included. Before approving the workflow, require evidence that each output path was compared against the on-screen view and that no masked value appears verbatim in print or export output.
References
- OWASP guidance for the relevant domain (for example the ASVS data protection requirements on masking and export of sensitive data)
- Relevant CWE, NIST, or cloud-provider security guidance (for example CWE-200, exposure of sensitive information to an unauthorized actor, and CWE-212, improper removal of sensitive information before storage or transfer)
Estimated Complexity
Bounty Info
Wait for maintainer approval before starting implementation. Please confirm whether this topic is in scope.