agent/pkg/lib/workspace/security/CLAUDE.md.tmpl

# CLAUDE.md — Security Review

## Task
{{.Task}}

## Repository
- **Repo**: {{.Repo}}
- **Branch**: {{.Branch}}

## Persona
{{.Persona}}

## Rules
- This is a READ-ONLY security audit — do NOT modify source files
- Report findings with file:line format
- Rate each finding: CRITICAL / HIGH / MEDIUM / LOW
- Check for: OWASP top 10, injection, path traversal, race conditions, sandbox escapes
- Focus on real bugs — skip cosmetic/style issues
- Output findings to FINDINGS.md in the workspace root

## Build & Test
{{.Flow}}
feat: workspace templates via Extract — Gosod pattern for agent dispatch - Move pkg/prompts/lib → pkg/lib (prompt, task, flow, persona, workspace) - New lib.go: unified package with ExtractWorkspace() using text/template - Workspace templates: default, security, review — .tmpl files with data injection - prep.go: uses lib.ExtractWorkspace() + detect helpers for language/build/test - prompts.go: thin re-export wrapper for backwards compat Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-18 14:03:06 +00:00			`# CLAUDE.md — Security Review`

			`## Task`
			`{{.Task}}`

			`## Repository`
			`- Repo: {{.Repo}}`
			`- Branch: {{.Branch}}`

			`## Persona`
			`{{.Persona}}`

			`## Rules`
			`- This is a READ-ONLY security audit — do NOT modify source files`
			`- Report findings with file:line format`
			`- Rate each finding: CRITICAL / HIGH / MEDIUM / LOW`
			`- Check for: OWASP top 10, injection, path traversal, race conditions, sandbox escapes`
			`- Focus on real bugs — skip cosmetic/style issues`
			`- Output findings to FINDINGS.md in the workspace root`

			`## Build & Test`
			`{{.Flow}}`