A software security skill that integrates with Project CodeGuard to help AI coding agents write secure code and prevent common vulnerabilities. Use this skill when writing, reviewing, or modifying code to ensure secure-by-default practices are followed.
{
  "context": "Tests whether agent uses Argon2id (not bcrypt/PBKDF2) for password hashing and avoids hardcoded credentials, as specified by the software-security skill.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Uses Argon2id",
      "description": "Password hashing uses Argon2id specifically (not bcrypt, not PBKDF2, not scrypt, not plain argon2i or argon2d)",
      "max_score": 35
    },
    {
      "name": "No hardcoded secrets",
      "description": "Database connection string or credentials are loaded from environment variables or config, not hardcoded in source code",
      "max_score": 25
    },
    {
      "name": "Parameterized SQL",
      "description": "Any database queries use parameterized queries or an ORM, not string concatenation/interpolation",
      "max_score": 20
    },
    {
      "name": "Unique salt per user",
      "description": "Each password hash uses a unique random salt (either explicitly generated or via library default that auto-salts)",
      "max_score": 20
    }
  ]
}

tessl i cisco/software-security@1.2.2