Name: Security Review
Author: gmg0829

Analyze the codebase for security vulnerabilities:

Authentication & Authorization
- Verify Clerk auth is properly configured on protected routes
- Check middleware.ts for proper route protection
- Ensure API routes validate user sessions
API Security
- No exposed API keys or secrets in client-side code
- Environment variables properly prefixed with NEXT_PUBLIC_
- Rate limiting on public endpoints
- Input validation with Zod on all API routes
Injection Risks
- SQL injection (Supabase queries use parameterized queries)
- XSS risks in user-generated content
- Prompt injection in AI features
Data Protection
- .env files are gitignored
- No sensitive data in client-side code
- Proper CORS configuration
- HTTPS enforcement in production
AI-Specific Concerns
- User input sanitization before AI prompts

Analyze the codebase for security vulnerabilities:

Authentication & Authorization
- Verify Clerk auth is properly configured on protected routes
- Check middleware.ts for proper route protection
- Ensure API routes validate user sessions
API Security
- No exposed API keys or secrets in client-side code
- Environment variables properly prefixed with NEXT_PUBLIC_
- Rate limiting on public endpoints
- Input validation with Zod on all API routes
Injection Risks
- SQL injection (Supabase queries use parameterized queries)
- XSS risks in user-generated content
- Prompt injection in AI features
Data Protection
- .env files are gitignored
- No sensitive data in client-side code
- Proper CORS configuration
- HTTPS enforcement in production
AI-Specific Concerns
- User input sanitization before AI prompts

Security Review