security-review-scored
Install: claude install-skill mickeyyaya/evolve-loop
> Security review skill with scored output. Reads git diff autonomously, analyzes 5 security dimensions, emits `Composite Score: 0.XX` for loop integration. Formula: `1.0 - (critical×0.5 + high×0.2 + medium×0.05)`. Single-writer safe.
## Contents
- [Architecture](#architecture) — security-focused single-pass analysis
- [Single-Pass Flow](#single-pass-flow) — adaptive diff loading + 5-dimension scan
- [Scoring Formula](#scoring-formula) — severity-weighted composite
- [Output Schema](#output-schema) — structured security report
- [Integration Hooks](#integration-hooks) — evolve-loop builder wiring
## Architecture
A security-specialist review skill. It reads the diff once, evaluates 5 security dimensions, and produces a severity-weighted composite score that the Builder convergence loop can parse.
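The scoring contract described above (formula in, `Composite Score: 0.XX` line out, parsed by the loop), as an added example that is not the skill's own code. The clamp to [0, 1], the fail-closed parsing, the `gate` threshold of 0.8 and the sample findings are assumptions made for illustration.

```python
import re

# Weights from the page's formula: 1.0 - (critical×0.5 + high×0.2 + medium×0.05).
# Severities without a term in the formula (e.g. "low") contribute nothing.
WEIGHTS = {"critical": 0.5, "high": 0.2, "medium": 0.05}

# Exactly the line format the page names: "Composite Score: 0.XX".
SCORE_LINE = re.compile(r"^Composite Score: ([01]\.\d{2})\s*$", re.MULTILINE)


def composite_score(findings):
    """Apply the formula to findings (dicts with a 'severity' key)."""
    penalty = sum(WEIGHTS.get(f["severity"], 0.0) for f in findings)
    # Assumption: clamp to [0, 1]. The raw formula goes negative from three
    # critical findings onward, which would not fit the 0.XX output format.
    return max(0.0, min(1.0, 1.0 - penalty))


def emit(findings):
    """Reviewer side: render the single line the loop parses."""
    return f"Composite Score: {composite_score(findings):.2f}"


def parse_score(report_text):
    """Loop side: return the score, or None when the line is missing,
    malformed, out of range, or appears more than once (fail closed)."""
    matches = SCORE_LINE.findall(report_text)
    if len(matches) != 1:
        return None
    score = float(matches[0])
    return score if 0.0 <= score <= 1.0 else None


def gate(report_text, threshold=0.8):
    """Hypothetical convergence check: pass only on a parseable score at or
    above the threshold, so a report with no score never passes."""
    score = parse_score(report_text)
    return score is not None and score >= threshold


# Constructed sample findings, not output from the skill.
SAMPLE = [
    {"severity": "high", "dimension": "Injection vectors"},
    {"severity": "medium", "dimension": "Input validation"},
    {"severity": "low", "dimension": "Sensitive exposure"},
]

if __name__ == "__main__":
    report = "## Security Review\n" + emit(SAMPLE) + "\n"
    print(report, "gate passed:", gate(report))
```

A report that repeats the score line, or that a diff comment has tricked into containing a second one, is rejected by `parse_score` rather than resolved by picking the first or last match.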
```
Input: git diff (changed files)
          │
          ▼
┌─────────────────────────┐
│ LOAD CONTEXT (once)     │ Adaptive HEAD / HEAD~1 detection
│ git diff HEAD --stat    │
└─────────┬───────────────┘
          │
          ▼
┌─────────────────────────┐
│ 5-DIMENSION SCAN        │
│ 1. Injection vectors    │ SQL, shell, command, template injection
│ 2. Auth/authz gaps      │ Missing auth checks, privilege escalation
│ 3. Sensitive exposure   │ Hardcoded secrets, credentials, PII logging
│ 4. Crypto misuse        │ Weak algorithms, static IVs, predictable seeds
│ 5. Input validation     │ Missing bounds, unsanitized input reaching sinks
└─────────┬───────────────┘
          │
          ▼
┌