cso
Conducts comprehensive security audits and threat modeling for infrastructure, focusing on CI/CD and AI security.
Install this skill
Security score
The cso skill was audited on May 12, 2026 and we found 109 security issues across 5 threat categories, including 4 critical. Review the findings below before installing.
Categories Tested
Security Issues
Direct command execution function call
| 1019 | - **Eval/exec of LLM output:** `eval()`, `exec()`, `Function()`, `new Function` processing AI responses |
Direct command execution function call
| 1074 | - Command injection: system(), exec(), spawn(), popen |
Eval function call - arbitrary code execution
| 1019 | - **Eval/exec of LLM output:** `eval()`, `exec()`, `Function()`, `new Function` processing AI responses |
Eval function call - arbitrary code execution
| 1075 | - Template injection: render with params, eval(), html_safe, raw() |
Template literal with variable interpolation in command context
| 32 | ```bash |
Template literal with variable interpolation in command context
| 265 | ```bash |
Template literal with variable interpolation in command context
| 361 | ```bash |
Template literal with variable interpolation in command context
| 395 | echo "before relying on \`gbrain search\` for code questions in this worktree." |
Template literal with variable interpolation in command context
| 523 | ```bash |
Template literal with variable interpolation in command context
| 930 | ```bash |
Template literal with variable interpolation in command context
| 976 | **Severity:** CRITICAL for `pull_request_target` + checkout of PR code / script injection via `${{ github.event.*.body }}` in `run:` steps. HIGH for unpinned third-party actions / secrets as env vars |
System command execution
| 1074 | - Command injection: system(), exec(), spawn(), popen |
Webhook reference - potential data exfiltration
| 758 | The real attack surface isn't your code — it's your dependencies. Most teams audit their own app but forget: exposed env vars in CI logs, stale API keys in git history, forgotten staging servers with |
Webhook reference - potential data exfiltration
| 876 | **Code surface:** Use the Grep tool to find endpoints, auth boundaries, external integrations, file upload paths, admin routes, webhook handlers, background jobs, and WebSocket channels. Scope file ex |
Webhook reference - potential data exfiltration
| 903 | Webhook receivers: N |
Webhook reference - potential data exfiltration
| 994 | ### Phase 6: Webhook & Integration Audit |
Webhook reference - potential data exfiltration
| 998 | **Webhook routes:** Use Grep to find files containing webhook/hook/callback route patterns. For each file, check whether it also contains signature verification (signature, hmac, verify, digest, x-hub |
Webhook reference - potential data exfiltration
| 1004 | **Verification approach (code-tracing only — NO live requests):** For webhook findings, trace the handler code to determine if signature verification exists anywhere in the middleware chain (parent ro |
Webhook reference - potential data exfiltration
| 1006 | **Severity:** CRITICAL for webhooks without any signature verification. HIGH for TLS verification disabled in prod code / overly broad OAuth scopes. MEDIUM for undocumented outbound data flows to thir |
Webhook reference - potential data exfiltration
| 1008 | **FP rules:** TLS disabled in test code excluded. Internal service-to-service webhooks on private networks = MEDIUM max. Webhook endpoints behind API gateway that handles signature verification upstre |
Webhook reference - potential data exfiltration
| 1210 | 2. **Webhooks:** Trace handler code to verify whether signature verification exists anywhere in the middleware chain. Do NOT make HTTP requests. |
Webhook reference - potential data exfiltration
| 1254 | 4 HIGH 9/10 UNVERIFIED Integrations Webhook w/o signature verify P6 api/webhooks.ts:24 |
Webhook reference - potential data exfiltration
| 1348 | "infrastructure": { "ci_workflows": 0, "webhook_receivers": 0, "container_configs": 0, "iac_configs": 0, "deploy_targets": 0, "secret_management": "unknown" } |
Access to hidden dotfiles in home directory
| 33 | _UPD=$(~/.claude/skills/gstack/bin/gstack-update-check 2>/dev/null || .claude/skills/gstack/bin/gstack-update-check 2>/dev/null || true) |
Access to hidden dotfiles in home directory
| 35 | mkdir -p ~/.gstack/sessions |
Access to hidden dotfiles in home directory
| 36 | touch ~/.gstack/sessions/"$PPID" |
Access to hidden dotfiles in home directory
| 37 | _SESSIONS=$(find ~/.gstack/sessions -mmin -120 -type f 2>/dev/null | wc -l | tr -d ' ') |
Access to hidden dotfiles in home directory
| 38 | find ~/.gstack/sessions -mmin +120 -type f -exec rm {} + 2>/dev/null || true |
Access to hidden dotfiles in home directory
| 39 | _PROACTIVE=$(~/.claude/skills/gstack/bin/gstack-config get proactive 2>/dev/null || echo "true") |
Access to hidden dotfiles in home directory
| 40 | _PROACTIVE_PROMPTED=$([ -f ~/.gstack/.proactive-prompted ] && echo "yes" || echo "no") |
Access to hidden dotfiles in home directory
| 43 | _SKILL_PREFIX=$(~/.claude/skills/gstack/bin/gstack-config get skill_prefix 2>/dev/null || echo "false") |
Access to hidden dotfiles in home directory
| 47 | source <(~/.claude/skills/gstack/bin/gstack-repo-mode 2>/dev/null) || true |
Access to hidden dotfiles in home directory
| 50 | _LAKE_SEEN=$([ -f ~/.gstack/.completeness-intro-seen ] && echo "yes" || echo "no") |
Access to hidden dotfiles in home directory
| 52 | _TEL=$(~/.claude/skills/gstack/bin/gstack-config get telemetry 2>/dev/null || true) |
Access to hidden dotfiles in home directory
| 53 | _TEL_PROMPTED=$([ -f ~/.gstack/.telemetry-prompted ] && echo "yes" || echo "no") |
Access to hidden dotfiles in home directory
| 58 | _EXPLAIN_LEVEL=$(~/.claude/skills/gstack/bin/gstack-config get explain_level 2>/dev/null || echo "default") |
Access to hidden dotfiles in home directory
| 61 | _QUESTION_TUNING=$(~/.claude/skills/gstack/bin/gstack-config get question_tuning 2>/dev/null || echo "false") |
Access to hidden dotfiles in home directory
| 63 | mkdir -p ~/.gstack/analytics |
Access to hidden dotfiles in home directory
| 65 | echo '{"skill":"cso","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'$(basename "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null || echo "unknown")'"}' >> ~/.gstack/analytics/skill-usage.j |
Access to hidden dotfiles in home directory
| 67 | for _PF in $(find ~/.gstack/analytics -maxdepth 1 -name '.pending-*' 2>/dev/null); do |
Access to hidden dotfiles in home directory
| 69 | if [ "$_TEL" != "off" ] && [ -x "~/.claude/skills/gstack/bin/gstack-telemetry-log" ]; then |
Access to hidden dotfiles in home directory
| 70 | ~/.claude/skills/gstack/bin/gstack-telemetry-log --event-type skill_run --skill _pending_finalize --outcome unknown --session-id "$_SESSION_ID" 2>/dev/null || true |
Access to hidden dotfiles in home directory
| 76 | eval "$(~/.claude/skills/gstack/bin/gstack-slug 2>/dev/null)" 2>/dev/null || true |
Access to hidden dotfiles in home directory
| 82 | ~/.claude/skills/gstack/bin/gstack-learnings-search --limit 3 2>/dev/null || true |
Access to hidden dotfiles in home directory
| 87 | ~/.claude/skills/gstack/bin/gstack-timeline-log '{"skill":"cso","event":"started","branch":"'"$_BRANCH"'","session":"'"$_SESSION_ID"'"}' 2>/dev/null & |
Access to hidden dotfiles in home directory
| 92 | _ROUTING_DECLINED=$(~/.claude/skills/gstack/bin/gstack-config get routing_declined 2>/dev/null || echo "false") |
Access to hidden dotfiles in home directory
| 103 | _CHECKPOINT_MODE=$(~/.claude/skills/gstack/bin/gstack-config get checkpoint_mode 2>/dev/null || echo "explicit") |
Access to hidden dotfiles in home directory
| 104 | _CHECKPOINT_PUSH=$(~/.claude/skills/gstack/bin/gstack-config get checkpoint_push 2>/dev/null || echo "false") |
Access to hidden dotfiles in home directory
| 112 | In plan mode, allowed because they inform the plan: `$B`, `$D`, `codex exec`/`codex review`, writes to `~/.gstack/`, writes to the plan file, and `open` for generated artifacts. |
Access to hidden dotfiles in home directory
| 120 | If `SKILL_PREFIX` is `"true"`, suggest/invoke `/gstack-*` names. Disk paths stay `~/.claude/skills/gstack/[skill-name]/SKILL.md`. |
Access to hidden dotfiles in home directory
| 122 | If output shows `UPGRADE_AVAILABLE <old> <new>`: read `~/.claude/skills/gstack/gstack-upgrade/SKILL.md` and follow the "Inline upgrade flow" (auto-upgrade if configured, otherwise AskUserQuestion with |
Access to hidden dotfiles in home directory
| 127 | - Missing `~/.claude/skills/gstack/.feature-prompted-continuous-checkpoint`: AskUserQuestion for Continuous checkpoint auto-commits. If accepted, run `~/.claude/skills/gstack/bin/gstack-config set che |
Access to hidden dotfiles in home directory
| 128 | - Missing `~/.claude/skills/gstack/.feature-prompted-model-overlay`: inform "Model overlays are active. MODEL_OVERLAY shows the patch." Always touch marker. |
Access to hidden dotfiles in home directory
| 141 | If B: run `~/.claude/skills/gstack/bin/gstack-config set explain_level terse`. |
Access to hidden dotfiles in home directory
| 145 | rm -f ~/.gstack/.writing-style-prompt-pending |
Access to hidden dotfiles in home directory
| 146 | touch ~/.gstack/.writing-style-prompted |
Access to hidden dotfiles in home directory
| 155 | touch ~/.gstack/.completeness-intro-seen |
Access to hidden dotfiles in home directory
| 168 | If A: run `~/.claude/skills/gstack/bin/gstack-config set telemetry community` |
Access to hidden dotfiles in home directory
| 178 | If B→A: run `~/.claude/skills/gstack/bin/gstack-config set telemetry anonymous` |
Access to hidden dotfiles in home directory
| 179 | If B→B: run `~/.claude/skills/gstack/bin/gstack-config set telemetry off` |
Access to hidden dotfiles in home directory
| 183 | touch ~/.gstack/.telemetry-prompted |
Access to hidden dotfiles in home directory
| 196 | If A: run `~/.claude/skills/gstack/bin/gstack-config set proactive true` |
Access to hidden dotfiles in home directory
| 197 | If B: run `~/.claude/skills/gstack/bin/gstack-config set proactive false` |
Access to hidden dotfiles in home directory
| 201 | touch ~/.gstack/.proactive-prompted |
Access to hidden dotfiles in home directory
| 242 | If B: run `~/.claude/skills/gstack/bin/gstack-config set routing_declined true` and say they can re-enable with `gstack-config set routing_declined false`. |
Access to hidden dotfiles in home directory
| 246 | If `VENDORED_GSTACK` is `yes`, warn once via AskUserQuestion unless `~/.gstack/.vendoring-warned-$SLUG` exists: |
Access to hidden dotfiles in home directory
| 258 | 3. Run `~/.claude/skills/gstack/bin/gstack-team-init required` (or `optional`) |
Access to hidden dotfiles in home directory
| 260 | 5. Tell the user: "Done. Each developer now runs: `cd ~/.claude/skills/gstack && ./setup --team`" |
Access to hidden dotfiles in home directory
| 266 | eval "$(~/.claude/skills/gstack/bin/gstack-slug 2>/dev/null)" 2>/dev/null || true |
Access to hidden dotfiles in home directory
| 267 | touch ~/.gstack/.vendoring-warned-${SLUG:-unknown} |
Access to hidden dotfiles in home directory
| 370 | _BRAIN_SYNC_BIN="~/.claude/skills/gstack/bin/gstack-brain-sync" |
Access to hidden dotfiles in home directory
| 371 | _BRAIN_CONFIG_BIN="~/.claude/skills/gstack/bin/gstack-config" |
Access to hidden dotfiles in home directory
| 475 | If A/B and `~/.gstack/.git` is missing, ask whether to run `gstack-artifacts-init`. Do not block the skill. |
Access to hidden dotfiles in home directory
| 480 | "~/.claude/skills/gstack/bin/gstack-brain-sync" --discover-new 2>/dev/null || true |
Access to hidden dotfiles in home directory
| 481 | "~/.claude/skills/gstack/bin/gstack-brain-sync" --once 2>/dev/null || true |
Access to hidden dotfiles in home directory
| 524 | eval "$(~/.claude/skills/gstack/bin/gstack-slug 2>/dev/null)" |
Access to hidden dotfiles in home directory
| 679 | Before each AskUserQuestion, choose `question_id` from `scripts/question-registry.ts` or `{skill}-{slug}`, then run `~/.claude/skills/gstack/bin/gstack-question-preference --check "<id>"`. `AUTO_DECID |
Access to hidden dotfiles in home directory
| 683 | ~/.claude/skills/gstack/bin/gstack-question-log '{"skill":"cso","question_id":"<id>","question_summary":"<short>","category":"<approval|clarification|routing|cherry-pick|feedback-loop>","door_type":"< |
Access to hidden dotfiles in home directory
| 692 | ~/.claude/skills/gstack/bin/gstack-question-preference --write '{"question_id":"<id>","preference":"<pref>","source":"inline-user","free_text":"<optional original words>"}' |
Access to hidden dotfiles in home directory
| 712 | ~/.claude/skills/gstack/bin/gstack-learnings-log '{"skill":"SKILL_NAME","type":"operational","key":"SHORT_KEY","insight":"DESCRIPTION","confidence":N,"source":"observed"}' |
Access to hidden dotfiles in home directory
| 722 | `~/.gstack/analytics/`, matching preamble analytics writes. |
Access to hidden dotfiles in home directory
| 729 | rm -f ~/.gstack/analytics/.pending-"$_SESSION_ID" 2>/dev/null || true |
Access to hidden dotfiles in home directory
| 731 | ~/.claude/skills/gstack/bin/gstack-timeline-log '{"skill":"SKILL_NAME","event":"completed","branch":"'$(git branch --show-current 2>/dev/null || echo unknown)'","outcome":"OUTCOME","duration_s":"'"$_T |
Access to hidden dotfiles in home directory
| 734 | echo '{"skill":"SKILL_NAME","duration_s":"'"$_TEL_DUR"'","outcome":"OUTCOME","browse":"USED_BROWSE","session":"'"$_SESSION_ID"'","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'"}' >> ~/.gstack/analytics/skill- |
Access to hidden dotfiles in home directory
| 737 | if [ "$_TEL" != "off" ] && [ -x ~/.claude/skills/gstack/bin/gstack-telemetry-log ]; then |
Access to hidden dotfiles in home directory
| 738 | ~/.claude/skills/gstack/bin/gstack-telemetry-log \ |
Access to hidden dotfiles in home directory
| 748 | In plan mode before ExitPlanMode: if the plan file lacks `## GSTACK REVIEW REPORT`, run `~/.claude/skills/gstack/bin/gstack-review-read` and append the standard runs/status/findings table. With `NO_RE |
Access to hidden dotfiles in home directory
| 839 | _CROSS_PROJ=$(~/.claude/skills/gstack/bin/gstack-config get cross_project_learnings 2>/dev/null || echo "unset") |
Access to hidden dotfiles in home directory
| 842 | ~/.claude/skills/gstack/bin/gstack-learnings-search --limit 10 --cross-project 2>/dev/null || true |
Access to hidden dotfiles in home directory
| 844 | ~/.claude/skills/gstack/bin/gstack-learnings-search --limit 10 2>/dev/null || true |
Access to hidden dotfiles in home directory
| 859 | If A: run `~/.claude/skills/gstack/bin/gstack-config set cross_project_learnings true` |
Access to hidden dotfiles in home directory
| 860 | If B: run `~/.claude/skills/gstack/bin/gstack-config set cross_project_learnings false` |
Access to hidden dotfiles in home directory
| 1397 | ~/.claude/skills/gstack/bin/gstack-learnings-log '{"skill":"cso","type":"TYPE","key":"SHORT_KEY","insight":"DESCRIPTION","confidence":N,"source":"SOURCE","files":["path/to/relevant/file"]}' |
Access to .env file
| 884 | ls .env .env.* 2>/dev/null |
Access to .env file
| 912 | Scan git history for leaked credentials, check tracked `.env` files, find CI configs with inline secrets. |
Access to .env file
| 916 | git log -p --all -S "AKIA" --diff-filter=A -- "*.env" "*.yml" "*.yaml" "*.json" "*.toml" 2>/dev/null |
Access to .env file
| 917 | git log -p --all -S "sk-" --diff-filter=A -- "*.env" "*.yml" "*.json" "*.ts" "*.js" "*.py" 2>/dev/null |
Access to .env file
| 920 | git log -p --all -G "password|secret|token|api_key" -- "*.env" "*.yml" "*.json" "*.conf" 2>/dev/null |
Access to .env file
| 923 | **.env files tracked by git:** |
Access to .env file
| 925 | git ls-files '*.env' '.env.*' 2>/dev/null | grep -v '.example\|.sample\|.template' |
Access to .env file
| 926 | grep -q "^\.env$\|^\.env\.\*" .gitignore 2>/dev/null && echo ".env IS gitignored" || echo "WARNING: .env NOT in .gitignore" |
Access to .env file
| 936 | **Severity:** CRITICAL for active secret patterns in git history (AKIA, sk_live_, ghp_, xoxb-). HIGH for .env tracked by git, CI configs with inline credentials. MEDIUM for suspicious .env.example val |
Access to .env file
| 938 | **FP rules:** Placeholders ("your_", "changeme", "TODO") excluded. Test fixtures excluded unless same value in non-test code. Rotated secrets still flagged (they were exposed). `.env.local` in `.gitig |
Access to .env file
| 984 | **Dockerfiles:** For each Dockerfile, check for missing `USER` directive (runs as root), secrets passed as `ARG`, `.env` files copied into images, exposed ports. |
Access to .env file
| 1044 | - `ANTHROPIC_API_KEY`, `OPENAI_API_KEY`, `env.`, `process.env` (credential access) |
Access to .env file
| 1251 | 1 CRIT 9/10 VERIFIED Secrets AWS key in git history P2 .env:3 |
Unicode escape sequences
| 332 | writes `\u3103` thinking it is 管 U+7BA1, but `\u3103` is |
External URL reference
| 151 | If `LAKE_INTRO` is `no`: say "gstack follows the **Boil the Lake** principle — do the complete thing when AI makes marginal cost near-zero. Read more: https://garryslist.org/posts/boil-the-ocean" Offe |
External URL reference
| 154 | open https://garryslist.org/posts/boil-the-ocean |