Phase 2: Red Team Critique
What this phase does
Challenge every finding from Phase 1. Tighten the plan before any code is written.
Instructions
- Read SECURITY_PLAN.md. Review every Pending item.
- Critique:
  - Remove false positives (flag anything that isn't actually exploitable)
  - Add missing risks (e.g. "You missed the rate limit check on this endpoint")
  - Rank the remaining items by exploitability and impact
- Output: Update SECURITY_PLAN.md with a Ranked Backlog. The top item is what Phase 3 will target.
- Stop. Present the ranked backlog to the user.
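The critique step (drop false positives, add missed risks, rank what remains, write the Ranked Backlog back) as a small added Python sketch; this is illustrative code, not part of the workflow's own tooling. The page does not define how SECURITY_PLAN.md is laid out, so the `- [Status] title | exploitability: n | impact: n | false_positive: yes` line format, the 1 to 5 scales and the score = exploitability x impact ranking rule are all assumptions, and the findings in `SAMPLE_PLAN` are constructed.

```python
import re
from dataclasses import dataclass

# Constructed excerpt of a SECURITY_PLAN.md. The page does not define the file's
# layout, so this "- [Status] title | key: value" line format is an assumption.
SAMPLE_PLAN = """\
# SECURITY_PLAN.md

## Findings
- [Pending] Session cookie missing the HttpOnly flag | exploitability: 3 | impact: 4
- [Pending] Stack trace returned on malformed JSON | exploitability: 2 | impact: 2 | false_positive: yes
- [Pending] Admin export runs without an audit log entry | exploitability: 2 | impact: 3
- [Fixed] Outdated TLS cipher suite enabled | exploitability: 4 | impact: 4
"""


@dataclass
class Finding:
    status: str
    title: str
    exploitability: int  # assumed 1..5 scale: 1 = theoretical, 5 = trivially reachable
    impact: int          # assumed 1..5 scale: 1 = cosmetic, 5 = full compromise
    false_positive: bool = False

    @property
    def score(self) -> int:
        # Assumed ranking rule: exploitability weighted by impact.
        return self.exploitability * self.impact


# A constructed risk that the Phase 1 review missed; the critique adds it.
MISSED_RISK = Finding("Pending", "No rate limit on the login endpoint", exploitability=4, impact=3)

LINE_RE = re.compile(r"^- \[(?P<status>\w+)\] (?P<title>[^|]+?)\s*(?P<fields>(?:\|[^|]+)*)$")


def parse_findings(plan_text: str) -> list:
    """Extract every '- [Status] ...' finding line from the plan text."""
    findings = []
    for line in plan_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        fields = {}
        for chunk in m.group("fields").split("|"):
            if ":" in chunk:
                key, value = chunk.split(":", 1)
                fields[key.strip().lower()] = value.strip()
        findings.append(Finding(
            status=m.group("status"),
            title=m.group("title").strip(),
            exploitability=int(fields.get("exploitability", "1")),
            impact=int(fields.get("impact", "1")),
            false_positive=fields.get("false_positive", "no").lower() in ("yes", "true"),
        ))
    return findings


def rank_backlog(findings, added_risks=()) -> list:
    """Phase 2 critique: keep only Pending items that are really exploitable,
    merge in risks Phase 1 missed, and rank by score (ties: higher exploitability first)."""
    kept = [f for f in findings if f.status == "Pending" and not f.false_positive]
    kept.extend(added_risks)
    return sorted(kept, key=lambda f: (-f.score, -f.exploitability, f.title))


def top_item(ranked) -> str:
    """The item Phase 3 will target."""
    return ranked[0].title if ranked else ""


def render_backlog(ranked) -> str:
    lines = ["## Ranked Backlog", ""]
    for pos, f in enumerate(ranked, 1):
        lines.append(f"{pos}. {f.title} (exploitability {f.exploitability}, "
                     f"impact {f.impact}, score {f.score})")
    return "\n".join(lines) + "\n"


BACKLOG_SECTION_RE = re.compile(r"## Ranked Backlog\n.*?(?=\n## |\Z)", re.S)


def update_plan(plan_text: str, ranked) -> str:
    """Write the Ranked Backlog into the plan, replacing an earlier one if the
    critique is re-run so the file never accumulates stale sections."""
    section = render_backlog(ranked)
    if BACKLOG_SECTION_RE.search(plan_text):
        return BACKLOG_SECTION_RE.sub(lambda _m: section.rstrip("\n"), plan_text)
    return plan_text.rstrip("\n") + "\n\n" + section


if __name__ == "__main__":
    backlog = rank_backlog(parse_findings(SAMPLE_PLAN), added_risks=[MISSED_RISK])
    print(update_plan(SAMPLE_PLAN, backlog))
```

Run stand-alone it prints the plan with a three-item Ranked Backlog: the added rate-limit risk lands first because it ties the HttpOnly finding on score but is easier to reach, the false positive and the already-fixed item are dropped, and re-running the script replaces the existing backlog section instead of appending a second one.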
The next step is Phase 3: /3-security-spec