6.0 KiB
6.0 KiB
Skill Test Spec: /security-audit
Skill Summary
/security-audit audits the game for security risks including save data
integrity, network communication, anti-cheat exposure, and data privacy. It
reads source files in src/ for security patterns and checks whether sensitive
data is handled correctly. No director gates are invoked. The skill does not
write files (findings report only). Verdicts: SECURE, CONCERNS, or
VULNERABILITIES FOUND.
Static Assertions (Structural)
Verified automatically by /skill-test static — no fixture needed.
- Has required frontmatter fields:
name,description,argument-hint,user-invocable,allowed-tools - Has ≥2 phase headings
- Contains verdict keywords: SECURE, CONCERNS, VULNERABILITIES FOUND
- Does NOT require "May I write" language (read-only; findings report only)
- Has a next-step handoff (what to do with findings)
Director Gate Checks
None. Security audit is a read-only advisory skill; no gates are invoked.
Test Cases
Case 1: Happy Path — Save data encrypted, no hardcoded credentials
Fixture:
src/core/save_system.gdusesCryptoclass to encrypt save data before writing- No hardcoded API keys, passwords, or credentials in any
src/file - No version numbers or internal build IDs exposed in client-facing output
Input: /security-audit
Expected behavior:
- Skill scans
src/for security patterns: encryption usage, hardcoded credentials, exposed internals - All checks pass: save data encrypted, no credentials found, no exposed internals
- Findings report shows all checks PASS
- Verdict is SECURE
Assertions:
- Skill checks save data handling for encryption usage
- Skill scans for hardcoded credentials (API keys, passwords, tokens)
- Skill checks for version/build numbers exposed to players
- All checks shown in findings report
- Verdict is SECURE when all checks pass
Case 2: Vulnerabilities Found — Unencrypted save data and exposed version
Fixture:
src/core/save_system.gdwrites save data as plain JSON (no encryption)src/ui/debug_overlay.gdcontains:label.text = "Build: " + ProjectSettings.get("application/config/version")(exposes internal build version to player)
Input: /security-audit
Expected behavior:
- Skill scans
src/— finds unencrypted save write insave_system.gd - Skill finds exposed version string in
debug_overlay.gd - Both findings are flagged as VULNERABILITIES
- Verdict is VULNERABILITIES FOUND
- Skill provides remediation recommendations for each vulnerability
Assertions:
- Unencrypted save data is flagged as a vulnerability with file and approximate line
- Exposed version string is flagged as a vulnerability
- Remediation suggestion is given for each vulnerability
- Verdict is VULNERABILITIES FOUND when any vulnerability is detected
- No files are written or modified
Case 3: Online Features Without Authentication — CONCERNS
Fixture:
src/networking/lobby.gdexists with functions:join_lobby(),send_chat()- No authentication check is found before
send_chat()— players can call it without being verified - Game has online multiplayer features (inferred from file presence)
Input: /security-audit
Expected behavior:
- Skill scans
src/networking/— detects online feature code - Skill checks for authentication guard before network calls — finds none on
send_chat() - Flags: "Online feature without authentication check — CONCERNS"
- Verdict is CONCERNS (not VULNERABILITIES FOUND, as this is a missing control, not an exploit)
Assertions:
- Skill detects online features by scanning for networking source files
- Missing authentication checks before network operations are flagged
- Verdict is CONCERNS (advisory severity) for missing authentication guards
- Output recommends adding authentication before network calls
Case 4: Edge Case — No Source Files to Analyze
Fixture:
src/directory does not exist or is completely empty
Input: /security-audit
Expected behavior:
- Skill attempts to scan
src/— no files found - Skill outputs an error: "No source files found in
src/— nothing to audit" - No findings report is generated
- No verdict is emitted
Assertions:
- Skill does not crash when
src/is empty or absent - Output clearly states that no source files were found
- No verdict is emitted (there is nothing to assess)
- Skill suggests verifying the
src/directory path
Case 5: Gate Compliance — No gate; security-engineer invoked separately
Fixture:
- Source files exist; 1 CONCERNS-level finding detected (debug logging enabled in release build)
review-mode.txtcontainsfull
Input: /security-audit
Expected behavior:
- Skill scans source; finds debug logging active in release path
- No director gate is invoked regardless of review mode
- Verdict is CONCERNS
- Output notes: "For formal security review, consider engaging a security-engineer agent"
- Findings are presented as a read-only report; no files written
Assertions:
- No director gate is invoked in any review mode
- Security-engineer consultation is suggested (not mandated)
- No files are written
- Verdict is CONCERNS for advisory-level security findings
Protocol Compliance
- Reads source files in
src/before auditing - Checks save data encryption, hardcoded credentials, exposed internals, auth guards
- Provides remediation recommendations for each finding
- Does not write any files (read-only skill)
- No director gates are invoked
- Verdict is one of: SECURE, CONCERNS, VULNERABILITIES FOUND
Coverage Notes
- Anti-cheat analysis (client-side value validation, server authority) is not explicitly tested here; it follows the CONCERNS or VULNERABILITIES pattern depending on severity.
- Data privacy compliance (GDPR, COPPA) is out of scope for this spec; those require legal review beyond code scanning.