Proposed Skill
Skill name: geo-redundant-secret-replication-review
Category: secrets
Severity: high
What It Detects
Cross-region secret replication may expand decryption scope or weaken revocation if replication and residency controls are not explicit.
Why This Skill Is Needed
This topic appears in real security reviews, but it is not represented cleanly in the current library. A dedicated skill would make the review repeatable and easier to apply across products.
Detection Approach
Map the trust boundary, identify where authority is derived, then review validation, provenance, exception handling, replay behavior, and background or operator paths that may gain broader reach than intended.
Languages / Frameworks
- secret managers
- multi-region infrastructure
Example Vulnerable Pattern
Authority or access is inferred from a weak context signal,
then reused in a broader path without a fresh authorization check.
Example Remediation
Bind authority to explicit actor and resource context,
re-check it at the sensitive boundary,
and log approval or provenance for privileged paths.
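As an added illustration, not part of this proposal or of any existing skill library, the following Python check turns the three concerns above (decryption scope, residency, revocation) into a repeatable review over a secret-replication inventory. The inventory format, field names and sample data are constructed assumptions for the example.

```python
# Added example: review a constructed secret-replication inventory and flag
# replicas that expand decryption scope (key outside the explicit allow-list),
# violate residency (region outside the allow-list), or are not bound to the
# primary's revocation. All field names and data are assumptions, not a real API.

SECRETS = [  # constructed inventory, not from any real secret manager
    {
        "name": "payments/db-password",
        "primary_region": "eu-west-1",
        "allowed_regions": ["eu-west-1", "eu-central-1"],
        "allowed_kms_keys": ["kms-eu-1"],
        "replicas": [
            {"region": "eu-central-1", "kms_key": "kms-eu-1", "revoke_with_primary": True},
            # Replica added for "availability" without explicit controls:
            {"region": "us-east-1", "kms_key": "kms-us-1", "revoke_with_primary": False},
        ],
    },
    {
        "name": "analytics/api-token",
        "primary_region": "us-east-1",
        "allowed_regions": ["us-east-1"],
        "allowed_kms_keys": ["kms-us-1"],
        "replicas": [],
    },
]


def review_secret(secret):
    """Return (replica_region, finding) tuples for one secret; empty means clean."""
    findings = []
    for rep in secret["replicas"]:
        region, key = rep["region"], rep["kms_key"]
        if region not in secret["allowed_regions"]:
            findings.append((region, "residency: replica outside allowed regions"))
        if key not in secret["allowed_kms_keys"]:
            findings.append((region, "scope: replica key not in decryption allow-list"))
        # Missing or False is treated as a finding: revocation must be explicit.
        if not rep.get("revoke_with_primary", False):
            findings.append((region, "revocation: replica not revoked with primary"))
    return findings


def review_inventory(secrets):
    """Map secret name -> findings, including only secrets with at least one finding."""
    report = {}
    for secret in secrets:
        findings = review_secret(secret)
        if findings:
            report[secret["name"]] = findings
    return report
```

Run against a real inventory export, every non-empty entry in the report is a replica whose scope, residency or revocation binding was never made explicit and needs a decision on record.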
References
- OWASP ASVS
- NIST SP 800-53
- Relevant vendor or protocol guidance for this control family
Estimated Complexity
Bounty Info