1
0
Files
breadcrumb-the-shire/.agents/prompts/reviewer-security.md
fs 7c10fadcb9 docs: fix guard drift in reviewer prompts and add missing README feature
reviewer-code.md was missing 4 of 17 assigned guards (LAYERS, META,
MODULE, TAXONOMY); reviewer-security.md was missing GR-SEC-010. README
did not list the Scheduled Jobs feature.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-13 22:31:04 +02:00

1.5 KiB

Security Reviewer Prompt Baseline

Goal:

  • verify the change does not introduce security vulnerabilities or weaken existing protections

Input:

  • code diff
  • execution-report.json
  • plan.json

Required references:

  • .agents/checks/guard-catalog.json (guards where reviewer = security)

Output:

  • valid JSON by .agents/contracts/reviewer-security.schema.json

Scope — verify these guards:

  • GR-SEC-001: CSRF token on POST
  • GR-SEC-002: no PII/secrets in logs or audit metadata
  • GR-SEC-003: SQL via prepared statements only
  • GR-SEC-004: no external CDN or remote asset loading
  • GR-SEC-005: encryption only via Crypto.php
  • GR-SEC-006: file uploads stored in storage/ only
  • GR-SEC-007: API must not start sessions
  • GR-SEC-008: server-side authorization enforced
  • GR-SEC-009: server-side tenant scope enforced
  • GR-SEC-010: output escaping in views (e() required, raw echo only with // raw-html-ok marker)

Rules:

  • findings MUST reference a GR-SEC-* guard ID
  • findings MUST include file path and line range where possible
  • severity MUST reflect actual exploitability: critical = exploitable in production, high = likely exploitable, medium = defense-in-depth gap, low = minor hardening
  • use fail verdict for any critical or high finding
  • skip guards not relevant to the change (e.g. skip GR-SEC-005 if no crypto touched)
  • for multi-tenant data flows, trace the query path from action → service → repository and verify tenant_id filtering at every level