repudiation
Repudiation Analysis
Analyze source code for repudiation threats where users can deny having performed actions due to insufficient logging and evidence. Maps to STRIDE R -- violations of the Non-repudiation security property.
Supported Flags
Read ../../shared/schemas/flags.md for the full flag specification. This skill supports all cross-cutting flags including --scope, --depth, --severity, --format, --fix, --quiet, and --explain.
Framework Context
Read ../../shared/frameworks/stride.md, specifically the R - Repudiation section, for the threat model backing this analysis. Key concerns: missing audit logs, log tampering, log injection, insufficient logging detail, log deletion.
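The key concerns listed above, shown as an added example that is not part of this skill or its framework files: a hash-chained audit log whose verifier flags tampering, deleted records and truncation, with JSON encoding neutralizing log injection. The function names, record fields, and the `expected_len` counter kept outside the log are assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor for the first record
FIELDS = ("seq", "ts", "actor", "action")  # hypothetical record layout


def _mac(key: bytes, prev: str, body: dict) -> str:
    # Each MAC covers the previous record's MAC, so editing, reordering or
    # dropping a record in the middle is detected on verification.
    payload = prev + json.dumps(body, sort_keys=True)
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def append(log: list, key: bytes, ts: str, actor: str, action: str) -> None:
    body = {"seq": len(log), "ts": ts, "actor": actor, "action": action}
    prev = log[-1]["mac"] if log else GENESIS
    log.append({**body, "mac": _mac(key, prev, body)})


def to_line(record: dict) -> str:
    # JSON encoding escapes CR/LF, so a user-controlled field cannot
    # start a forged second entry (log injection).
    return json.dumps(record, sort_keys=True)


def verify(log: list, key: bytes, expected_len: int) -> list:
    """Return findings; an empty list means the chain is intact."""
    findings, prev = [], GENESIS
    for i, rec in enumerate(log):
        if rec["seq"] != i:
            findings.append(f"record {i}: sequence gap (seq={rec['seq']})")
        body = {k: rec[k] for k in FIELDS}
        if not hmac.compare_digest(rec["mac"], _mac(key, prev, body)):
            findings.append(f"record {i}: MAC mismatch")
        prev = rec["mac"]
    if len(log) != expected_len:  # catches truncation of the newest records
        findings.append(f"length {len(log)}, expected {expected_len}")
    return findings


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; keep real keys off the log host
    log = []
    append(log, key, "2024-01-01T00:00:00Z", "alice", "login")
    append(log, key, "2024-01-01T00:05:00Z", "alice\nroot", "password_reset")
    print(to_line(log[1]))
    print(verify(log, key, expected_len=2))
```

Code that writes security-critical events as unauthenticated plain-text lines with interpolated user input has none of these properties, which is what the analysis looks for.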
Workflow
1. Determine Scope
Parse flags and resolve the target file list per the flags spec. Prioritize files containing security-critical operations:
- Authentication handlers (login, logout, password reset, MFA enrollment)