SecurityReviewCommand class

The /security-review command — performs a comprehensive security review of pending changes on the current branch.

Executes a structured multi-phase analysis:

1. Repository context research using file search tools
2. Comparative analysis against existing security patterns
3. Vulnerability assessment with data flow tracing

Uses sub-tasks for parallel false-positive filtering and confidence scoring. Only reports HIGH and MEDIUM severity findings with confidence >= 8/10.

Categories examined:

• Input validation (SQL/command/XXE/template/NoSQL/path injection)
• Authentication & authorization (bypass, escalation, session, JWT)
• Crypto & secrets management (hardcoded keys, weak algorithms)
• Injection & code execution (RCE, deserialization, eval, XSS)
• Data exposure (sensitive logging, PII handling, API leakage)

Inheritance

• Object
• Command
• PromptCommand
• SecurityReviewCommand

Constructors

SecurityReviewCommand()

Properties

aliases → List<String>

Alternative names for the command.

no setter, inherited

allowedTools → Set<String>

Tools the model is allowed to use.

no setter, override

argumentHint → String?

Hint text for arguments.

no setter, inherited

description → String

User-visible description.

no setter, override

displayName → String

Human-facing display name.

no setter, inherited

hashCode → int

The hash code for this object.

no setter, inherited

immediate → bool

Whether to execute immediately without waiting for stop point.

no setter, inherited

isEnabled → bool

Whether this command is enabled (feature flags, etc).

no setter, inherited

isHidden → bool

Whether this command is hidden from help/typeahead.

no setter, inherited

model → String?

Model override for this command.

no setter, inherited

name → String

Command name (without the / prefix).

no setter, override

progressMessage → String

Progress message shown during execution.

no setter, override

runtimeType → Type

A representation of the runtime type of the object.

no setter, inherited

source → CommandSource

Where this command was loaded from.

no setter, inherited

type → CommandType

Execution type.

no setter, inherited

whenToUse → String?

When to use this command (for skills discovery).

no setter, inherited

Methods

getPrompt(String args, ToolUseContext context) → Future<List<ContentBlock>>

Build the prompt content for this command.

override

noSuchMethod(Invocation invocation) → dynamic

Invoked when a nonexistent method or property is accessed.

inherited

toString() → String

A string representation of this object.

inherited

Operators

operator ==(Object other) → bool

The equality operator.

inherited