santosomar/taint-instrumentation-assistant
skills/security/taint-instrumentation-assistant/SKILL.md
Sets up taint tracking by defining sources, sinks, and sanitizers from Project CodeGuard's input-validation taxonomy, then configures the target tool (CodeQL, Semgrep, custom instrumentation). Use when wiring taint analysis into CI, when the user asks for taint tracking, or when you need a source/sink catalog for a specific language.
tools
Updated Apr 13, 2026
$ install --global
skillsauthnpx skillsauth add santosomar/general-secure-coding-agent-skills taint-instrumentation-assistantInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 13, 2026, 4:32 AM38.8s1 file scanned
SKILL.md
- name:
- taint-instrumentation-assistant
- description:
- Sets up taint tracking by defining sources, sinks, and sanitizers from Project CodeGuard's input-validation taxonomy, then configures the target tool (CodeQL, Semgrep, custom instrumentation). Use when wiring taint analysis into CI, when the user asks for taint tracking, or when you need a source/sink catalog for a specific language.
- license:
- Apache-2.0
- category:
- security
- suite:
- general-secure-coding-agent-skills
- version:
- 0.3.0
- upstream:
- cosai-oasis/project-codeguard
- codeguard-version:
- 1.3.0
- related:
- static-vulnerability-detector
Taint Instrumentation Assistant
This skill delegates to Project CodeGuard for its source/sink/sanitizer taxonomy — specifically codeguard-0-input-validation-injection, which defines the trust boundaries (HTTP params, env, files, IPC) and dangerous sinks (query execution, shell, eval, filesystem) per language.
Upstream: https://github.com/cosai-oasis/project-codeguard/tree/main/skills/software-security
Dispatch
| Taint component | CodeGuard source |
| --------------- | -------------------------------------------------------------- |
| Sources | codeguard-0-input-validation-injection → "Core Strategy" trust boundaries, per-framework request-object tables |
| Sinks | Same rule → SQL/LDAP/OS-command sections; plus codeguard-0-xml-and-serialization for deserialization sinks |
| Sanitizers | Same rule → parameterization APIs, escaping functions, allow-list validators listed as "primary defense" |
Workflow
- Pull the language-specific source/sink/sanitizer lists from the CodeGuard rules above.
- Translate into the target tool's format: CodeQL
.qlsource/sink predicates, Semgreppattern-sources/pattern-sinks, or inline annotations. - Sanitizers are allow-listed, not inferred — only CodeGuard-recognized sanitizers suppress a flow. A regex-based "sanitizer" does not count.
- Run and verify: inject a known-tainted flow and confirm it's flagged before trusting the configuration.
Related Skills
santosomar/verified-pseudocode-extractor
development
VerifiedTrustedCommunity
Extracts human-readable pseudocode from a verified formal artifact (Dafny, Lean, TLA+) while preserving the verified properties as annotations, so the proof-carrying logic can be reimplemented in a production language. Use when porting verified code to an unverified target, when documenting what a formal spec actually does, or when handing a verified algorithm to an implementer.
SKILL.mdUpdated Apr 13, 2026
santosomar/tlaplus-spec-generator
development
VerifiedTrustedCommunity
Translates natural-language or pseudocode descriptions of concurrent and distributed systems into TLA+ specifications ready for the TLC model checker. Identifies state variables, actions, type invariants, safety properties, and liveness properties from the description. Use when formalizing a protocol, when the user describes a distributed algorithm to verify, when designing a consensus or locking scheme, or when starting formal verification of a concurrent system.
SKILL.mdUpdated Apr 13, 2026
santosomar/tlaplus-model-reduction
testing
VerifiedTrustedCommunity
Reduces a TLA+ model so TLC can actually check it — shrinks constants, adds state constraints, abstracts data, or applies symmetry — when the state space is too large to enumerate. Use when TLC runs out of memory, when checking takes hours, or when a spec works at N=2 and you need confidence at larger scale.
SKILL.mdUpdated Apr 13, 2026
santosomar/tlaplus-guided-code-repair
development
VerifiedTrustedCommunity
TLA+-specific instance of model-guided repair — reads a TLC error trace, identifies the enabling condition that should have been false, strengthens the corresponding action, and maps the fix to source code. Use when TLC reports an invariant violation or deadlock and you have the code-to-TLA+ mapping from extraction.
SKILL.mdUpdated Apr 13, 2026