nemoclaw-maintainer-security-code-review
SKILL.md
Security Code Review
Perform a thorough security review of the changes in a GitHub PR or issue, producing a structured report with per-category verdicts.
Prerequisites
- gh (GitHub CLI) must be installed and authenticated.
- git must be available.
- Network access to clone repositories and fetch PR metadata.
When to Use
- Reviewing a pull request before merge for security vulnerabilities.
- Triaging a GitHub issue that reports a potential security flaw.
- Auditing code changes for hardcoded secrets, injection flaws, auth bypasses, or insecure configurations.
Step 1: Parse the GitHub URL
If the user provided a PR or issue URL, extract the owner, repo, and number. If not, ask for one.
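One way to do this extraction in the shell that later calls gh and git, as an added example that is not part of the original skill. The function name `parse_github_url`, the sample URL, and the character allowlists are assumptions. It accepts only https://github.com pull or issue URLs, so the extracted values are safe to pass on as command arguments.

```shell
#!/bin/sh
# Added example (not from the skill): strict parser for GitHub PR/issue URLs.
# Prints "owner repo kind number" and returns 0, or returns 1 on any other input.
parse_github_url() {
    url=$1
    # Drop a query string or fragment such as ?diff=split or #issuecomment-1.
    url=${url%%[?#]*}
    # Accept only https://github.com/...; lookalike hosts, userinfo
    # (github.com@host) and other schemes fail to match this prefix.
    case $url in
        https://github.com/*) path=${url#https://github.com/} ;;
        *) return 1 ;;
    esac
    # Split the path on "/" with globbing off so "*" is never expanded.
    old_ifs=$IFS
    IFS=/
    set -f
    set -- $path
    set +f
    IFS=$old_ifs
    owner=${1-} repo=${2-} kind=${3-} num=${4-}
    # Conservative allowlists (an assumption, not GitHub's published rules).
    # A leading "-" is refused so a value can never be read as a CLI option.
    case $owner in ''|-*|*[!A-Za-z0-9-]*) return 1 ;; esac
    case $repo in ''|.|..|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case $kind in pull|issues) ;; *) return 1 ;; esac
    case $num in ''|0*|*[!0-9]*) return 1 ;; esac
    printf '%s %s %s %s\n' "$owner" "$repo" "$kind" "$num"
}

# Constructed sample input; prints: example-org example-repo pull 42
parse_github_url 'https://github.com/example-org/example-repo/pull/42/files?diff=split'
```

If the function returns non-zero, treat the URL as missing and ask the user for one, as the step describes.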