| name | security-review |
| description | Systematic security audit of codebase or feature |
| allowed-tools | Read, Grep, Glob, Bash |
Perform a security review of the codebase or a specific feature.
Instructions
- Read
.claude/rules/agent-guide.md for project context and tech stack.
- Read
docs/spec/.llm/PROGRESS.md for known security considerations.
- Perform a systematic security assessment covering the categories below.
Input Validation & Injection
Authentication & Authorization
Data Protection
Dependencies
Error Handling & Information Disclosure
Infrastructure
Report Format
Present findings as:
## Security Review: {scope}
### Summary
{overall assessment: clean / issues found / critical issues}
### Findings
| # | Finding | Severity | Category | Location |
|---|---------|----------|----------|----------|
| 1 | {finding} | {critical/high/medium/low/info} | {category} | {file:line} |
### Detailed Findings
#### Finding N: {title}
- **Severity**: {critical/high/medium/low/info}
- **Category**: {input-validation/auth/data-protection/deps/disclosure/infra}
- **Location**: `{file:line}`
- **Description**: {what's wrong}
- **Impact**: {what could happen if exploited}
- **Recommendation**: {how to fix}
- **Example fix**: {code snippet if applicable}
### Recommendations (Prioritized)
1. **[Critical]** {fix immediately}
2. **[High]** {fix before next release}
3. **[Medium]** {fix soon}
4. **[Low]** {fix when convenient}
$ARGUMENTS