Scope
Audit the whole repository for P2 or higher bugs, security issues, reliability risks, and missing validation. This is a repository-level audit, not a review of only recent diffs.
Focus areas
- Architecture and module boundaries
- API input validation and type coercion
- Resource amplification, fan-out, memory, latency, and denial-of-service risks
- Model/artifact loading and fallback behavior
- External downloads, archive extraction, and data poisoning risks
- Path handling, file writes, generated artifacts, and unsafe defaults
- Secrets, credentials, dependency risks, and GitHub Actions exposure
- Retrieval/NLU correctness risks that can silently produce wrong financial evidence
- Test gaps around confirmed high-impact behavior
Reporting requirements
Only report P2 or higher issues. For each finding, include:
- Severity
- Affected file and line
- Root cause
- Impact
- Reproduction or concrete evidence when possible
- A focused fix
- Relevant tests to add or update
Ignore style-only, formatting-only, or low-severity findings. Do not make broad refactors unless they are necessary to fix a confirmed P2+ issue. If you open a PR, keep the patch focused and run the most relevant test suite before handing it back.
Scope
Audit the whole repository for P2 or higher bugs, security issues, reliability risks, and missing validation. This is a repository-level audit, not a review of only recent diffs.
Focus areas
Reporting requirements
Only report P2 or higher issues. For each finding, include:
Ignore style-only, formatting-only, or low-severity findings. Do not make broad refactors unless they are necessary to fix a confirmed P2+ issue. If you open a PR, keep the patch focused and run the most relevant test suite before handing it back.