Good first issue — documentation, no code.
Extend red-team-cases/oss-maintainer-security.md with a new adversarial scenario.
Each case needs:
- Scenario (what the attacker does)
- Risk (what goes wrong)
- Expected safe behavior (how the guardrails should respond)
- Gate:
auto-allow, human-review, or block
Ideas: injection via commit message, injection via PR review comment, homoglyph attack to bypass secret scan, unicode tricks in filenames.
Good first issue — documentation, no code.
Extend
red-team-cases/oss-maintainer-security.mdwith a new adversarial scenario.Each case needs:
auto-allow,human-review, orblockIdeas: injection via commit message, injection via PR review comment, homoglyph attack to bypass secret scan, unicode tricks in filenames.