Security Review

Checked Areas

Shell execution: browser auto-open is gated by AUTO_OPEN_BROWSER and defaults to false.
Secrets: .env remains ignored; .env.example contains no real keys.
External network calls: source fetches use timeout/retry diagnostics and expose degraded state.
Manual actions: /api/sweep is local-only unless SWEEP_TOKEN is configured.
File writes: runtime writes are limited to runs/.
HTML injection: dashboard data is JSON-injected only by the CLI path; server mode serves data through API/SSE.

External feeds can return malformed, stale, or adversarial content. UI rendering should continue to sanitize titles and URLs.
LLM outputs are advisory only and must not be treated as financial advice.
node:sqlite availability depends on the Node 22 build; when unavailable the memory database degrades to a no-op placeholder.