feat(skill): tenant-aware-cache-key-review — reviews cache keys for tenant leakage #2580
daviediao-code wants to merge 3 commits into
Conversation
Hi @kamalsrini — just bumping this PR for review when you have a moment. The skill
Hi @kamalsrini, checking in on this PR. Happy to address any feedback. The skill
…ic endpoints for production exposure
Thanks for the contribution. This is not merge-ready yet. I reviewed the PR against current
Please update the branch against current
…ing whitespace, index
- Fixed cache-key-review name to match directory
- Added YAML frontmatter to runtime-debug-endpoint-security
- Removed trailing whitespace from cache-key-review
- Fixed index.yaml indentation and added new skills
- Updated skill_count
I've pushed fixes addressing all the blocking issues you raised:
The fixes are pushed to my fork at Could you review the updated PR? I'm happy to address any remaining issues. Payment details (if accepted): PayPal: 326625418@qq.com / Payoneer: daviediao@gmail.com
What this PR does
Adds tenant-aware-cache-key-review skill for multi-tenant applications. Reviews cache keys for tenant leakage, authorization-before-cache-hit, and access-change invalidation.
Linked approved issue (required for new skills)
Closes #2573
Type of change
Reproduction — independently runnable (required)
cat skills/secops/cache-key-review/SKILL.md followed by cat skills/secops/cache-key-review/tests/vulnerable/tenant-scoped-key-missing.json
Discrimination evidence — true positive AND true negative (required)
file:line: skills/secops/cache-key-review/tests/vulnerable/tenant-scoped-key-missing.json — flags cache key without tenant scope (OWASP-API-Security-2023-A07)
file:line: skills/secops/cache-key-review/tests/benign/tenant-scoped-key-present.json — correctly passes when tenant scope is present
Framework grounding
Attestation & checklist
injection-hardened: true set in frontmatter
allowed-tools scoped to minimum necessary permissions
index.yaml updated with new skill entry
Requested bounty tier: Intermediate ($350)
Payment details can be provided privately after maintainer acceptance.
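The three review points the PR description lists (tenant scope in the cache key, authorization before a cache hit is served, and invalidation when access changes) are easiest to see side by side in code. The following is an added illustration written for this review thread; it is not code from the PR, the skill, or its test fixtures. The tenant names, users, report ids, the `ReportService` class and the in-memory `Cache` are all constructed for the example, and a real deployment would back `Cache` with Redis or memcached rather than a dict.

```python
"""Tenant-scoped cache keys: a vulnerable lookup beside a hardened one.
Added example for the PR discussion; all data and names are constructed."""
import copy

# Constructed sample data: two tenants that both have a report with id "r1".
REPORTS = {
    "acme":   {"r1": "ACME quarterly numbers"},
    "globex": {"r1": "Globex quarterly numbers"},
}
# user -> (tenant, set of report ids that user may read)
INITIAL_ACL = {
    "alice": ("acme", {"r1"}),
    "bob":   ("globex", {"r1"}),
}


class Cache:
    """Minimal in-memory cache standing in for Redis/memcached (hypothetical)."""
    def __init__(self):
        self.store = {}
        self.hits = 0

    def get(self, key):
        value = self.store.get(key)
        if value is not None:
            self.hits += 1
        return value

    def set(self, key, value):
        self.store[key] = value


class ReportService:
    """Hypothetical service; each instance owns its cache and ACL copy."""
    def __init__(self):
        self.cache = Cache()
        self.acl = copy.deepcopy(INITIAL_ACL)
        self.acl_version = {user: 0 for user in self.acl}  # bumped on access change

    def authorized(self, user, tenant, report_id):
        entry = self.acl.get(user)
        return entry is not None and entry[0] == tenant and report_id in entry[1]

    def fetch_vulnerable(self, user, tenant, report_id):
        # Defect 1: the tenant is not part of the key, so tenants share entries.
        # Defect 2: a hit is returned before authorization is checked.
        key = f"report:{report_id}"
        cached = self.cache.get(key)
        if cached is not None:
            return cached
        if not self.authorized(user, tenant, report_id):
            raise PermissionError(user)
        value = REPORTS[tenant][report_id]
        self.cache.set(key, value)
        return value

    def fetch_hardened(self, user, tenant, report_id):
        # Authorization runs on every request, hit or miss.
        if not self.authorized(user, tenant, report_id):
            raise PermissionError(user)
        # Tenant is part of the key, so acme and globex never share an entry.
        key = f"tenant:{tenant}:report:{report_id}"
        cached = self.cache.get(key)
        if cached is not None:
            return cached
        value = REPORTS[tenant][report_id]
        self.cache.set(key, value)
        return value

    def dashboard(self, user):
        # Per-user derived data: the key carries the user's ACL version, so an
        # entry built under an older access state can never be served again.
        tenant, allowed = self.acl[user]
        key = f"tenant:{tenant}:user:{user}:aclv{self.acl_version[user]}:dashboard"
        cached = self.cache.get(key)
        if cached is not None:
            return cached
        value = sorted(allowed)
        self.cache.set(key, value)
        return value

    def revoke(self, user, report_id):
        self.acl[user][1].discard(report_id)
        self.acl_version[user] += 1  # invalidates everything cached for the old state


def demo():
    """Return the observations a reviewer wants: the leak, and its absence."""
    vuln = ReportService()
    alice_sees = vuln.fetch_vulnerable("alice", "acme", "r1")
    bob_sees = vuln.fetch_vulnerable("bob", "globex", "r1")  # served from alice's entry

    safe = ReportService()
    safe.fetch_hardened("alice", "acme", "r1")
    bob_safe = safe.fetch_hardened("bob", "globex", "r1")
    before = safe.dashboard("alice")
    safe.revoke("alice", "r1")
    after = safe.dashboard("alice")
    try:
        safe.fetch_hardened("alice", "acme", "r1")  # entry still cached; authz runs first
        denied = False
    except PermissionError:
        denied = True
    return {"leak": bob_sees == alice_sees, "bob_safe": bob_safe,
            "dashboard_before": before, "dashboard_after": after,
            "revoked_user_denied": denied}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the cross-tenant read in `fetch_vulnerable` (Bob receives ACME's cached value), while `fetch_hardened` keeps tenants on separate keys and still denies a user whose access was revoked even though the entry is in cache. The ACL-version suffix in `dashboard` is one way to satisfy the access-change invalidation check without having to enumerate and delete keys; a per-tenant version would work the same way at coarser granularity.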