# Security Review

## Checked Areas

- Shell execution: browser auto-open is gated by `AUTO_OPEN_BROWSER` and defaults to false.
- Secrets: `.env` remains ignored; `.env.example` contains no real keys.
- External network calls: source fetches use timeout/retry diagnostics and expose a degraded state when a source fails, rather than hanging or failing silently.
- Manual actions: `/api/sweep` is local-only unless `SWEEP_TOKEN` is configured.
- File writes: runtime writes are limited to `runs/`.
- HTML injection: dashboard data is embedded as JSON only on the CLI path, which generates the HTML; server mode serves data through the API/SSE, so feed content is not interpolated into HTML templates.

## Residual Risk

- External feeds can return malformed, stale, or adversarial content. UI rendering must continue to sanitize titles and URLs (HTML-escape titles at the output boundary; allow only `http:`/`https:` URLs).
- LLM outputs are advisory only and must not be treated as financial advice.
- `node:sqlite` availability depends on the Node 22 build; when it is unavailable the memory database degrades to a no-op placeholder, so nothing is persisted on those builds.