A software security skill that integrates with Project CodeGuard to help AI coding agents write secure code and prevent common vulnerabilities. Use this skill when writing, reviewing, or modifying code to ensure secure-by-default practices are followed.
Evaluation — 84% (Does it follow best practices?)
↑ 1.78x agent success when using this tile
Validation for skill structure
{
  "context": "Tests whether agent implements specific session management practices (SameSite=Strict, idle/absolute timeouts, session regeneration) and nonce-based CSP.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "SameSite Strict",
      "description": "Session cookie is set with SameSite=Strict (not Lax, not None, not omitted)",
      "max_score": 20
    },
    {
      "name": "Idle timeout configured",
      "description": "An idle/inactivity session timeout is configured (not just absolute timeout) — value should be short (under 30 minutes)",
      "max_score": 20
    },
    {
      "name": "Session regeneration on login",
      "description": "Session ID is regenerated after successful authentication (new session created, old one invalidated)",
      "max_score": 20
    },
    {
      "name": "Nonce-based CSP",
      "description": "Content-Security-Policy header uses nonces (nonce-xxx) rather than 'unsafe-inline' or no CSP at all",
      "max_score": 25
    },
    {
      "name": "HttpOnly and Secure flags",
      "description": "Session cookie includes both HttpOnly and Secure flags",
      "max_score": 15
    }
  ]
}

Install with Tessl CLI
npx tessl i cisco/software-security

evals
  scenario-1
  scenario-2
  scenario-3
  scenario-4
  scenario-5
rules