static-vulnerability-detector


Static Vulnerability Detector

This skill delegates to Project CodeGuard — the CoSAI open-source, model-agnostic security framework. Rather than maintaining a parallel vulnerability taxonomy, it dispatches to CodeGuard's rule set by language and sink class.

Upstream: https://github.com/cosai-oasis/project-codeguard/tree/main/skills/software-security

Dispatch

Given the language of the code under review, apply these CodeGuard rules:

| Finding class | CodeGuard rule |
|---|---|
| SQL/NoSQL/LDAP/OS-command injection | codeguard-0-input-validation-injection |
| XXE, unsafe deserialization | codeguard-0-xml-and-serialization |
| XSS, DOM sinks, CSP, CSRF | codeguard-0-client-side-web-security |
| Path traversal, upload validation | codeguard-0-file-handling-and-uploads |
| IDOR, missing authz, mass assignment | codeguard-0-authorization-access-control |
| SSRF, missing authn, rate limits | codeguard-0-api-web-services |

First Seen: Mar 29, 2026
static-vulnerability-detector — santosomar/general-secure-coding-agent-skills