taint-instrumentation-assistant

Taint Instrumentation Assistant

This skill delegates to Project CodeGuard for its source/sink/sanitizer taxonomy — specifically codeguard-0-input-validation-injection, which defines the trust boundaries (HTTP params, env, files, IPC) and dangerous sinks (query execution, shell, eval, filesystem) per language.

Upstream: https://github.com/cosai-oasis/project-codeguard/tree/main/skills/software-security

Dispatch

| Taint component | CodeGuard source |
|---|---|
| Sources | codeguard-0-input-validation-injection → "Core Strategy" trust boundaries, per-framework request-object tables |
| Sinks | Same rule → SQL/LDAP/OS-command sections; plus codeguard-0-xml-and-serialization for deserialization sinks |
| Sanitizers | Same rule → parameterization APIs, escaping functions, allow-list validators listed as "primary defense" |

Workflow

Installs: 1
GitHub Stars: 1
First Seen: Mar 29, 2026
taint-instrumentation-assistant — santosomar/general-secure-coding-agent-skills