review-security-structure


Review Security Structure

Defensively review code or structure artifacts by reading architecture and data flow before reading full source. Use structural signals to identify vulnerabilities, logic flaws, parser/scanner risks, CI/CD risks, and LLM/agent tool-boundary risks.

When to Use

  • security review, vulnerability review, SAST triage, AST, structure map, call graph, Source/Sink, taint flow
  • vulnerability review, security review, structure map, AST report, dependencies, complexity
  • Reviewing owned or explicitly authorized code, design docs, scan results, or generated structure maps
  • Hardening parsers, scanners, CI/CD tools, file walkers, and agent/tool-call boundaries against malformed or adversarial input

Safety Scope

  • Keep the work defensive: review, risk explanation, safe verification ideas, and minimal fixes.
  • Do not provide unauthorized testing, intrusion, persistence, evasion, credential theft, weaponized PoC, or destructive external steps.
  • If exploitability is uncertain, place the item in Hypotheses rather than Findings.
  • If code changes are requested, keep them minimal and verify with existing tests or a focused local check.

Inputs to Prefer

First Seen
Jun 3, 2026
review-security-structure — aktsmm/agent-skills