CtrlK
BlogDocsLog inGet started
Tessl Logo

cisco/software-security

A software security skill that integrates with Project CodeGuard to help AI coding agents write secure code and prevent common vulnerabilities. Use this skill when writing, reviewing, or modifying code to ensure secure-by-default practices are followed.

84

1.78x

Review82%

Does it follow best practices?

Evaluation84%

 1.78x

Agent success when using this tile

Validation13 / 16 Passed

Validation for skill structure

Overview
Skills
Evals
Files

rubric.jsonevals/scenario-2/

{
  "context": "Tests whether agent avoids unsafe C functions (strcpy, sprintf, gets, strcat) and uses safe replacements with proper compiler security flags.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "No unsafe string functions",
      "description": "Does NOT use strcpy, strcat, sprintf, or gets anywhere in the code (uses strncpy/strncat/snprintf/fgets instead)",
      "max_score": 30
    },
    {
      "name": "Uses snprintf",
      "description": "Uses snprintf (not sprintf) for string formatting",
      "max_score": 20
    },
    {
      "name": "Null termination",
      "description": "When using strncpy or similar bounded functions, explicitly ensures null termination of destination buffer",
      "max_score": 20
    },
    {
      "name": "Security compiler flags",
      "description": "Makefile or build instructions include at least two of: -fstack-protector-all, -D_FORTIFY_SOURCE=2, -fsanitize=address, -fPIE, -Wformat-security",
      "max_score": 30
    }
  ]
}

Install with Tessl CLI

npx tessl i cisco/software-security

evals

scenario-2

rubric.json

task.md

LANGUAGE_RULES.md

SKILL.md

tile.json