MrTrust/files/security-review.md

# Security Review

## Scope

Project:

```text
PROJECT_NAME
```

Reviewed version or commit:

```text
COMMIT_OR_VERSION
```

## Code Patterns Checked

- [ ] No `eval`.
- [ ] No dynamic `Function` constructor.
- [ ] No unsafe HTML injection.
- [ ] No unexpected shell execution.
- [ ] No unexpected external network calls.
- [ ] No secrets committed.
- [ ] No unsafe file writes outside expected user-selected paths.

## Dependency Review

Command:

```bash
AUDIT_COMMAND
```

Result:

```text
PENDING
```

## Runtime Review

- [ ] Least-privilege runtime configuration.
- [ ] External URLs documented.
- [ ] Local data storage documented.
- [ ] Sensitive data is not persisted unless explicitly required.

## Release Notes

Known residual risks:

```text
None documented yet.
```