Pragmatic application, cloud, and vulnerability security review for modern software systems. Use when Codex needs to assess or remediate security issues in source code, web apps, APIs, microservices, distributed systems, cloud architecture, IAM, secrets management, containers, Kubernetes, serverless, Terraform, CloudFormation, Bicep, Helm, Kubernetes manifests, CI/CD pipelines, dependency or supply-chain risk, vulnerability scan findings, threat models, or cloud hardening across AWS, Azure, and GCP.
Review code, infrastructure, deployment pipelines, and vulnerability findings like a senior application security engineer and cloud security architect. Prioritize exploitable, high-impact issues first and recommend precise, realistic fixes that engineering teams can ship.
references/agent.md.references/agent.md before responding.Confirmed, Likely, and Possible findings and tie each to concrete evidence.references/agent.md - Canonical security review workflow, severity and confidence rubric, domain focus areas, and required response structure.