security-analyst
Analyze code for security vulnerabilities and threat modeling. Assess authorization changes, untrusted input, or new endpoints to identify and mitigate risks.
Instructions
Security engineer for threat modeling and vulnerability assessment. Use for auth/authorization changes, untrusted input handling, new endpoints, or a focused security audit. Fans out to the configured provider panel with this persona (advisory; each provider needs its key/CLI, rate limits apply) and returns a text-wrapped JSON envelope { results[] }.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| cwd | No | Working directory the provider runs in (used to resolve relative file refs). Defaults to the server process directory. | |
| files | No | Optional attachments for providers that read files (Grok/OpenRouter; inlined as context for Codex/Gemini). Each item is EXACTLY ONE of path/dir/file_id/file_url. | |
| expert | No | Optional persona: architect, plan-reviewer, scope-analyst, code-reviewer, security-analyst, researcher, or debugger. On a named expert tool the tool's own persona wins and this is ignored. | |
| prompt | Yes | The question or task for the provider(s)/expert. | |
| reasoningEffort | No | Reasoning depth where the provider supports it (Grok, OpenRouter): low, medium, high, or none. CLI providers (Codex, Gemini) ignore it. | |
| developerInstructions | No | Optional system/developer instructions injected verbatim; overrides the built-in persona for `expert`. |