npx add-skill https://github.com/bostonaholic/rpikit/blob/main//skills/security-review/SKILL.md -a claude-code --skill security-review

Installation paths: .claude/skills/security-review/

# Security Review Methodology

Review implementation changes for security vulnerabilities and risks.

## Purpose

This skill provides methodology for reviewing code changes introduced during implementation. Unlike full codebase audits, this focuses on the delta (what was added or modified) to catch security issues before they're committed.

## Review Scope

### Determine Changed Files

Identify what was modified during implementation:

- Files created or modified in the current session
- Changes visible in git diff (staged and unstaged)
- New dependencies added

### Categorize by Risk Level

**High-Risk Changes** (require thorough review):

- Authentication/authorization logic
- Input handling and validation
- Database queries and data access
- API endpoints and route handlers
- Cryptographic operations
- File system operations
- External service integrations
- Configuration changes

**Medium-Risk Changes**:

- Business logic with data transformations
- Error handling and logging
- Session management
- Form processing

**Low-Risk Changes**:

- UI/styling changes
- Documentation
- Test files (unless testing security features)

## Security Checklist

### Input Validation

- [ ] All user inputs validated before use
- [ ] Validation happens server-side (not just client)
- [ ] Input length limits enforced
- [ ] Type checking performed
- [ ] Allowlists preferred over denylists

### Injection Prevention

- [ ] SQL queries use parameterized statements
- [ ] No string concatenation in queries
- [ ] Shell commands avoid user input (or properly escaped)
- [ ] No eval() or dynamic code execution with user data
- [ ] Template rendering escapes output by default

### Authentication & Authorization

- [ ] Authentication required for protected routes
- [ ] Authorization checks at each access point
- [ ] No hardcoded credentials
- [ ] Secrets loaded from environment/config (not code)
- [ ] Session tokens properly validated

### Data Protection

- [ ] Sensitive data not logged
- [
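The delta-focused review described above (only added lines of the git diff, checked against the Injection Prevention and Authentication & Authorization items) can be given a first automated pass. The script below is an added example, not part of the rpikit skill: it parses unified-diff text, keeps the `+` lines with their new-file line numbers, and flags three checklist patterns. The diff in `SAMPLE_DIFF` and the `RULES` regexes are constructed for illustration; hits are prompts for a human reviewer, not verdicts.

```python
"""Triage added lines of a unified diff against the security checklist (added example)."""
import re

# (checklist section, regex over one added line, why it matters). Heuristic only.
RULES = [
    ("Injection Prevention",
     re.compile(r"""\b(select|insert|update|delete)\b.*["']\s*\+|\bf["'].*\b(select|insert|update|delete)\b""", re.I),
     "SQL built by string concatenation/f-string; use a parameterized statement"),
    ("Injection Prevention", re.compile(r"\beval\s*\("), "eval() on dynamic data"),
    ("Authentication & Authorization",
     re.compile(r"""\b(password|secret|api_key|token)\s*=\s*["'][^"']+["']""", re.I),
     "hardcoded credential; load it from environment/config instead"),
]

def added_lines(diff_text):
    """Yield (path, new_line_no, text) for every line the diff adds."""
    path, line_no = None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
        elif raw.startswith("@@"):
            # New-file numbering restarts at the '+start' field of the hunk header.
            line_no = int(re.search(r"\+(\d+)", raw).group(1)) - 1
        elif raw.startswith("+"):
            line_no += 1
            yield path, line_no, raw[1:]
        elif not raw.startswith("-"):
            line_no += 1  # context line: advances new-file numbering, not reviewed

def review_diff(diff_text):
    """Return findings as (path, line_no, checklist_section, reason)."""
    findings = []
    for path, line_no, text in added_lines(diff_text):
        for section, pattern, why in RULES:
            if pattern.search(text):
                findings.append((path, line_no, section, why))
    return findings

# Constructed sample diff: one hunk that introduces all three patterns.
SAMPLE_DIFF = """\
diff --git a/app/users.py b/app/users.py
--- a/app/users.py
+++ b/app/users.py
@@ -1,2 +1,6 @@
 import sqlite3
-API_KEY = load_key()
+API_KEY = "sk-live-example"
+def find_user(db, name):
+    return db.execute("SELECT * FROM users WHERE name = '" + name + "'")
+    # safe form: db.execute("SELECT * FROM users WHERE name = ?", (name,))
+    settings = eval(request.args["cfg"])
"""

if __name__ == "__main__":
    for path, n, section, why in review_diff(SAMPLE_DIFF):
        print(f"{path}:{n} [{section}] {why}")
```

Run it on real output with `git diff | python review_diff.py` after replacing `SAMPLE_DIFF` with `sys.stdin.read()`.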