info-disclosure
Information Disclosure Analysis
Analyze source code for information disclosure threats where sensitive data leaks to unauthorized parties. Maps to STRIDE I -- violations of the Confidentiality security property.
Supported Flags
Read ../../shared/schemas/flags.md for the full flag specification. This skill supports all cross-cutting flags including --scope, --depth, --severity, --format, --fix, --quiet, and --explain.
Framework Context
Read ../../shared/frameworks/stride.md, specifically the I - Information Disclosure section, for the threat model backing this analysis. Key concerns: data breaches, directory traversal, error message leaks, timing attacks, memory dumps, cleartext transmission.
Workflow
1. Determine Scope
Parse flags and resolve the target file list per the flags spec. Filter to files likely handling sensitive data:
- API response builders and serializers