Add Codex repository baseline

docs/security-review.md

@@ -0,0 +1,54 @@
+# Security Review
+
+## Scope
+
+Project:
+
+```text
+Robocopy_Overhaul
+```
+
+Reviewed version or commit:
+
+```text
+Baseline before implementation code.
+```
+
+## Code Patterns Checked
+
+- [x] No `eval` in project source. No project source exists yet.
+- [x] No dynamic `Function` constructor. No project source exists yet.
+- [x] No unsafe HTML injection. No project source exists yet.
+- [x] No unexpected shell execution. No project source exists yet.
+- [x] No unexpected external network calls. No project source exists yet.
+- [x] No secrets committed in baseline files.
+- [x] No unsafe file writes outside expected user-selected paths. No project source exists yet.
+
+## Dependency Review
+
+Command:
+
+```text
+PENDING: no dependency manifest exists yet.
+```
+
+Result:
+
+```text
+Not applicable for the baseline.
+```
+
+## Runtime Review
+
+- [ ] Least-privilege runtime configuration. Pending until runtime exists.
+- [ ] External URLs documented. Pending until implementation exists.
+- [ ] Local data storage documented. Pending until implementation exists.
+- [x] Sensitive data is not persisted by baseline files.
+
+## Release Notes
+
+Known residual risks:
+
+```text
+No implementation risk has been reviewed yet because no application code exists.
+```