NavanithanS

ask-security-sentinel

Pre-flight security checker. Scan for secrets and vulnerabilities.

NavanithanS 1 1 Updated 3mo ago

Install

npx skillscat add navanithans/agent-skill-kit/ask-security-sentinel

Install via the SkillsCat registry.

SKILL.md
<critical_constraints>
✅ MUST run before git commit or deploy
✅ MUST halt and warn if secrets found
✅ MUST enforce parameterized queries
</critical_constraints>

<secret_patterns>
- `sk_live_...` (Stripe)
- `ghp_...` (GitHub)
- `ey...` (JWT tokens)

→ If found: HALT, warn user, move to .env
</secret_patterns>

<vulnerability_checks>
## SQL Injection

❌ Bad: `DB::select("SELECT * FROM users WHERE id = $id")`
✅ Good: `DB::select("...", [$id])`

## XSS

- Check for `{!! $variable !!}` in Blade
- Ensure user explicitly confirmed safe HTML
</vulnerability_checks>
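
An added example, not part of the skill's SKILL.md or the project's own code: a small Python pre-flight scanner covering the three checks listed above (secret prefixes, interpolated `DB::` queries, raw Blade output). The regex tails after the `sk_live_`, `ghp_` and `ey` prefixes, the rule names, and the sample input are assumptions constructed for illustration.

```python
import re

# Assumed regexes: the page lists only the prefixes (sk_live_, ghp_, ey);
# the tail lengths and character classes are this example's assumptions.
RULES = [
    ("secret:stripe", re.compile(r"sk_live_[0-9A-Za-z]{16,}")),
    ("secret:github", re.compile(r"ghp_[0-9A-Za-z]{36}")),
    ("secret:jwt", re.compile(r"\bey[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,}")),
    # A DB:: call whose double-quoted SQL string interpolates a PHP variable
    ("sqli:interpolated-query", re.compile(r'DB::\w+\(\s*"[^"]*\$\w+')),
    # Blade raw (unescaped) output
    ("xss:blade-raw-output", re.compile(r"\{!!.*?!!\}")),
]

def mask(value):
    """Keep only a short prefix so the report never echoes a full secret."""
    return value[:8] + "..."

def scan(text):
    """Return (line_no, rule, excerpt) for every rule hit in text."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for rule, rx in RULES:
            for m in rx.finditer(line):
                hit = m.group(0)
                is_secret = rule.startswith("secret:")
                findings.append((no, rule, mask(hit) if is_secret else hit))
    return findings

def must_halt(findings):
    """Mirror the skill's constraint: halt and warn if any secret is found."""
    return any(rule.startswith("secret:") for _, rule, _ in findings)

# Constructed sample input; every credential below is fake filler.
SAMPLE = "\n".join([
    'STRIPE_KEY = "sk_live_' + "0" * 24 + '"',
    'GH = "ghp_' + "A" * 36 + '"',
    'TOKEN = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJlLWRlbW8"',
    '$u = DB::select("SELECT * FROM users WHERE id = $id");',
    '$u = DB::select("SELECT * FROM users WHERE id = ?", [$id]);',
    "<div>{!! $variable !!}</div>",
    "<div>{{ $variable }}</div>",
])

if __name__ == "__main__":
    results = scan(SAMPLE)
    for no, rule, excerpt in results:
        print(f"line {no}: {rule}: {excerpt}")
    if must_halt(results):
        raise SystemExit("HALT: secrets found, move them to .env before committing")
```

Raw Blade output is only reported, not treated as a halt condition, because the skill allows it once the user has confirmed the HTML is safe.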