lfe-security-check
Install: `claude install-skill StChiotis/Claude-LFE`
# LFE Security Check — OWASP Top-10 Prompt Analysis
## Position in Pipeline
- **Phase**: 3 (Inspector sub-skill)
- **Persona**: Inspector (read-only; no src/ writes)
- **Trigger**: Invoked by `/lfe-inspector` Sub-Skill Dispatch when `lfe-security-check: true` in `.docs/quality/inspector-config.md`
- **Output**: `.plans/checks/security_findings.md` — aggregated by Inspector into `critique.md`
## Mission
Systematically examine the implementation diff for security vulnerabilities using the OWASP Top-10 as a structured checklist. No external scanners, no Semgrep, no platform-specific tooling — reasoning over code only.
## Hard Rules
0. **Dispatch Context Required (refuse direct invocation)**: This skill is dispatched by `/lfe-inspector` Step 6 — it is not a Brain-typeable skill (per `LLM_AGENT_GUIDE.md` §8.8 Skill Invocation Authority). If invoked without `.plans/builder_done.md` AND `.plans/tdd_report.md` for the current slice, halt immediately and reply: *"`/lfe-security-check` is an Inspector sub-skill dispatched by `/lfe-inspector`. It cannot be run standalone. Run `/lfe-inspector` — the dispatcher will invoke this sub-skill if it is enabled in `.docs/quality/inspector-config.md` (or via an `## Inspector Overrides` section in `active_plan.md`)."* Direct invocation produces orphaned findings files and breaks the Inspector's aggregation logic.
1. **Prompt-Only Analysis**: All findings come from LLM reasoning over the diff — reason only, with no code execution or external API