What is a repudiation threat in software security?

A repudiation threat occurs when a system fails to provide sufficient evidence to prove an action took place, allowing a user to deny their involvement in a transaction or event.

Can this skill detect log injection vulnerabilities?

Yes, it identifies patterns where unsanitized user input flows into log formatters, which could allow attackers to forge log entries or break log parsing systems.

How does this skill help with the STRIDE model?

It specifically addresses the 'R' (Repudiation) category of STRIDE by checking for violations of the Non-repudiation security property within the application's logic.

What types of code files does it prioritize?

It focuses on authentication handlers, payment processors, admin management endpoints, and any code interacting with sensitive data or logging infrastructure.

Does it support automated fixes for missing logs?

Yes, when used with the --fix flag, the skill can suggest concrete code changes to add necessary logging calls to critical security paths.

Repudiation & Audit Analysis

Name: Repudiation & Audit Analysis
Author: florianbuetow

byflorianbuetow

•

Security & Testing

Analyzes source code for repudiation threats by identifying missing audit logs, insufficient event tracking, and log tampering vulnerabilities.

This skill automates the detection of security gaps where users could deny performing specific actions due to inadequate evidence. By mapping code patterns to the STRIDE 'Repudiation' category, it evaluates authentication events, sensitive data modifications, and logging infrastructure to ensure forensic integrity. It identifies missing actor identities, log injection risks, and local-only storage issues, helping developers build accountable, transparent, and compliant applications.

Key Features

01Evaluation of log tampering protection and centralized aggregation gaps.

02Detailed security findings with CWE mapping and automated remediation diffs.

03Detection of missing audit logs for critical authentication and CRUD operations.

046 GitHub stars

05Identification of log injection vulnerabilities and unsanitized user input in logs.

06Automated STRIDE-based repudiation threat modeling for source code.

Use Cases

01Reviewing authentication and authorization handlers for missing identity context in logs.

02Conducting security audits on financial platforms to ensure transaction accountability.

03Scanning for forensic gaps in high-compliance environments like healthcare or fintech.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add florianbuetow/claude-code repudiation

For use in Claude.ai and ChatGPT

Download Skill