Security Audit

Investigate the codebase for security vulnerabilities across OWASP Top 10 categories, secrets exposure, supply chain risks, and language-specific patterns. Produces a scored SECURITY_AUDIT.md with prioritized remediation actions.

Core principle: Investigate, do not just grep. Read surrounding code to determine if a match is a genuine vulnerability, a false positive, or already mitigated. Only flag findings with specific file:line evidence and confirmed risk.

Prerequisite check

git --version 2>/dev/null && git rev-parse --is-inside-work-tree 2>/dev/null