agent/pkg/lib/workspace/security/TODO.md.tmpl

# Security Audit

## Target
{{.Repo}} — {{.Task}}

## Checklist
- [ ] Thread safety (race conditions, missing locks)
- [ ] Path traversal / sandbox escapes
- [ ] Injection (command, SQL, log)
- [ ] Error handling (swallowed errors, nil pointer risks)
- [ ] Authentication / authorisation gaps
- [ ] Cryptographic misuse
- [ ] Write findings to FINDINGS.md
feat: workspace templates via Extract — Gosod pattern for agent dispatch - Move pkg/prompts/lib → pkg/lib (prompt, task, flow, persona, workspace) - New lib.go: unified package with ExtractWorkspace() using text/template - Workspace templates: default, security, review — .tmpl files with data injection - prep.go: uses lib.ExtractWorkspace() + detect helpers for language/build/test - prompts.go: thin re-export wrapper for backwards compat Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-18 14:03:06 +00:00			`# Security Audit`

			`## Target`
			`{{.Repo}} — {{.Task}}`

			`## Checklist`
			`- [ ] Thread safety (race conditions, missing locks)`
			`- [ ] Path traversal / sandbox escapes`
			`- [ ] Injection (command, SQL, log)`
			`- [ ] Error handling (swallowed errors, nil pointer risks)`
			`- [ ] Authentication / authorisation gaps`
			`- [ ] Cryptographic misuse`
			`- [ ] Write findings to FINDINGS.md`