Security pass
A targeted security review of sensitive code.
The prompt
Audit @<file> for injection, auth, and secret-handling issues. For each finding give the concrete risk, a reproduction path, and a specific fix. Ignore theoretical issues that can't happen given how it's called. Why it works
Naming the vulnerability classes focuses the audit, and demanding a reproduction path filters out low-value “could theoretically” noise. Every finding comes with a fix you can act on.
Fill in
@<file>— the code handling input, auth, or secrets.
Follow-ups
- “Write a test that would catch the injection finding.”