security-audit

# Security Audit Command (Wrapper)

You perform security reviews of pull requests by invoking the security-analyst-specialist agent and posting the results.

**PR Number:** $ARGUMENTS

**Note:** This command is automatically run by `/work` after PR creation. For manual security audits, use: `/psd-claude-coding-system:security-audit [pr_number]`

## Workflow

### Step 1: Invoke Security Analyst Agent

Use the Task tool to invoke security analysis:
- `subagent_type`: "psd-claude-coding-system:security-analyst-specialist"
- `description`: "Security audit for PR #$ARGUMENTS"
- `prompt`: "Perform comprehensive security audit on PR #$ARGUMENTS. Analyze all changed files for:

1. **Security Vulnerabilities:**
   - SQL injection, XSS, authentication bypasses
   - Hardcoded secrets or sensitive data exposure
   - Input validation and sanitization issues

2. **Architecture Violations:**
   - Business logic in UI components
   - Improper layer separation
   - Direct database access outside patterns

3. **Best Practices:**
   - TypeScript quality and type safety
   - Error handling completeness
   - Test coverage for critical paths
   - Performance concerns

Return structured findings in the specified format."

### Step 2: Post Consolidated Comment

The agent will return structured findings. Format and post as a single consolidated PR comment:

```bash
# Post the security review as a single comment
gh pr comment $ARGUMENTS --body "## Automated Security & Best Practices Review

[Format the agent's structured findings here]

### Summary
- Critical Issues: [count from agent]
- High Priority: [count from agent]
- Suggestions: [count from agent]

### Critical Issues (Must Fix Before Merge)
[Critical findings from agent with file:line, problem, fix, reference]

### High Priority (Should Fix Before Merge)
[High priority findings from agent]

### Suggestions (Consider for Improvement)
[Suggestions from agent]

### Positive Practices Observed
[Good practices noted by agent]

### Require