/security

Runs autonomous security audit using STRIDE threat model, OWASP Top 10, and red-team simulation with 4 adversarial personas. Supports --diff, --fix, --scope, --depth flags.

Runs OWASP-compliant security audit via multi-LLM orchestration. Begins with clarifying questions on threat model, compliance, risk tolerance, and validation method.

Performs security review and vulnerability assessment on code modules or files following OWASP standards, classifying issues by severity and generating reports. Also supports --owasp flag.

Conducts security reviews of apps, APIs, scripts, and configs using OWASP Top 10 best practices and threat modeling; detects vulnerabilities and suggests fixes.

Auto-detects Drupal or Next.js project type and runs multi-layer security scans with Semgrep, Trivy, Gitleaks, and more. Produces JSON report and Markdown summary grouped by severity with remediation guidance.

Runs local security review on git changes vs base branch (default: main), scanning for OWASP Top 10 vulnerabilities, secrets exposure, and anti-patterns. Outputs PASS/WARN/CRITICAL_FAIL verdict, findings, and JSON.