Read ../../references/runtime-guide.md.
Call get_skill_content with resources: ["architecture", "delegation"].
Call get_agent with agents: ["security-engineer"].
Workflow
- Define the audit scope from the user request and relevant code paths
- Trace trust boundaries, auth flows, secret handling, and data exposure paths
- Review for exploitable flaws, unsafe defaults, OWASP Top 10 vulnerabilities, and high-risk dependencies
- Classify findings by severity (CVSS-aligned) with file references and exploitability assessment
- Provide remediation guidance with the highest-risk issues first