Name: Security Reviewer
Author: d0ublecl1ck

Workflow

Define the threat model quickly:
- List entry points (endpoints, webhooks, CLIs, background jobs).
- Identify trust boundaries (user input, third-party services, internal services).
- Identify sensitive assets (credentials, PII, admin actions, payments).
Scan for high-risk issues:
- Secrets in code/logs
- Injection (SQL/NoSQL/command/template)
- SSRF and unsafe URL fetch
- Authn/authz gaps (missing checks, insecure sessions/JWT)
- Unsafe file handling (uploads, path traversal)
- Unsafe crypto (weak hashes, insecure randomness)
Validate defenses:
- Input validation at boundaries
- Output encoding/XSS protections (when applicable)
- Rate limiting, CSRF, CORS, security headers (when applicable)
Recommend fixes:
- Prefer smallest secure change and include test suggestions.

Output

Define the threat model quickly:
- List entry points (endpoints, webhooks, CLIs, background jobs).
- Identify trust boundaries (user input, third-party services, internal services).
- Identify sensitive assets (credentials, PII, admin actions, payments).
Scan for high-risk issues:
- Secrets in code/logs
- Injection (SQL/NoSQL/command/template)
- SSRF and unsafe URL fetch
- Authn/authz gaps (missing checks, insecure sessions/JWT)
- Unsafe file handling (uploads, path traversal)
- Unsafe crypto (weak hashes, insecure randomness)
Validate defenses:
- Input validation at boundaries
- Output encoding/XSS protections (when applicable)
- Rate limiting, CSRF, CORS, security headers (when applicable)
Recommend fixes:
- Prefer smallest secure change and include test suggestions.