[REVIEW] zero-trust-assessment: add unmanaged device browser isolation gates
Skill Being Reviewed
Skill name: zero-trust-assessment
Skill path: skills/identity/zero-trust-assessment/
False Positive Analysis
Allowing unmanaged-device access can be acceptable when browser isolation disables download, clipboard, print, local storage persistence, and risky plugin access.
Coverage Gaps
The skill should verify unmanaged-device policy behavior. "Browser isolation enabled" is not enough without evidence of data movement controls and session cleanup.
Edge Cases
- Screenshots or copy/paste bypass isolation.
- Mobile browser behavior differs from desktop.
- App opens direct file URLs outside isolated browser.
Remediation Quality
- Add evidence fields: device state, app sensitivity, isolation mode, DLP controls, clipboard/download/print policy, and session cleanup.
- Require negative tests for data export.
- Flag unmanaged direct access to sensitive apps.
Comparison to Other Tools
CASB/ZTNA tools enforce isolation; assessment must verify effective user controls.
Overall Assessment
Add unmanaged-device isolation gates so BYOD access is constrained and testable.
Bounty Info
CONTRIBUTING.md bounty terms. samik4184@gmail.com
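An added example, not part of the issue or the skill's own code: one way the gates proposed above could be evaluated over an assessment evidence record, including per-platform negative tests for data export. All field names and values (`device_state`, `isolation_mode`, `negative_tests`, and so on) are assumptions made for illustration.

```python
# Added example. Field names and values are assumed, not the skill's schema.
EXPORT_CHANNELS = ("download", "clipboard", "print")

def evaluate_gate(ev):
    """Return findings for one evidence record; an empty list means pass."""
    if ev.get("device_state") != "unmanaged":
        return []  # these gates only constrain unmanaged (BYOD) access
    if ev.get("isolation_mode", "none") == "none":
        level = "FAIL" if ev.get("app_sensitivity") == "high" else "WARN"
        return [f"{level}: unmanaged direct access, no isolation"]
    findings = []
    for ch in EXPORT_CHANNELS:
        if ev.get("policy", {}).get(ch) != "blocked":
            findings.append(f"FAIL: policy does not block {ch}")
    # A negative test is the evidence; kept per platform (mobile may differ).
    platforms = ev.get("platforms") or []
    if not platforms:
        findings.append("FAIL: no platforms in negative-test scope")
    for platform in platforms:
        results = ev.get("negative_tests", {}).get(platform, {})
        for ch in EXPORT_CHANNELS:
            outcome = results.get(ch)
            if outcome is None:
                findings.append(f"FAIL: no {ch} export test on {platform}")
            elif outcome != "blocked":
                findings.append(f"FAIL: {ch} export succeeded on {platform}")
    if not ev.get("dlp_controls"):
        findings.append("FAIL: no DLP controls recorded")
    if not ev.get("session_cleanup"):
        findings.append("FAIL: no session cleanup evidence")
    return findings

# Constructed sample records (not real assessment data).
_BLOCKED = {ch: "blocked" for ch in EXPORT_CHANNELS}
SAMPLE_OK = {
    "device_state": "unmanaged", "app_sensitivity": "high",
    "isolation_mode": "remote_browser", "policy": dict(_BLOCKED),
    "platforms": ["desktop", "mobile"],
    "negative_tests": {"desktop": dict(_BLOCKED), "mobile": dict(_BLOCKED)},
    "dlp_controls": ["content_inspection"], "session_cleanup": True,
}
SAMPLE_GAP = dict(SAMPLE_OK, negative_tests={
    "desktop": dict(_BLOCKED),
    "mobile": {"download": "blocked", "clipboard": "allowed"}})
SAMPLE_DIRECT = {"device_state": "unmanaged", "app_sensitivity": "high"}

if __name__ == "__main__":
    for rec in (SAMPLE_OK, SAMPLE_GAP, SAMPLE_DIRECT):
        print(evaluate_gate(rec) or "PASS")
```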