From 1d78ca456c51258fe4d9f4ab7fa1df8e6a06c6e8 Mon Sep 17 00:00:00 2001
From: Arjun G <247arjun@gmail.com>
Date: Tue, 10 Mar 2026 01:48:22 +0000
Subject: [PATCH] Add security category coverage for SSRF
---
 .claude/commands/security-review.md | 1 +
 claudecode/prompts.py | 1 +
 2 files changed, 2 insertions(+)
diff --git a/.claude/commands/security-review.md b/.claude/commands/security-review.md
index 93651ea..3be5b9c 100644
--- a/.claude/commands/security-review.md
+++ b/.claude/commands/security-review.md
@@ -53,6 +53,7 @@ SECURITY CATEGORIES TO EXAMINE:
 - Template injection in templating engines
 - NoSQL injection in database queries
 - Path traversal in file operations
+- SSRF via unvalidated/unsanitized user input that controls the host or protocol
 
 **Authentication & Authorization Issues:**
 - Authentication bypass logic
diff --git a/claudecode/prompts.py b/claudecode/prompts.py
index ee44e0a..55b1a16 100644
--- a/claudecode/prompts.py
+++ b/claudecode/prompts.py
@@ -72,6 +72,7 @@ def get_security_audit_prompt(pr_data, pr_diff=None, include_diff=True, custom_s
 - Template injection in templating engines
 - NoSQL injection in database queries
 - Path traversal in file operations
+- SSRF via unvalidated/unsanitized user input that controls the host or protocol
 
 **Authentication & Authorization Issues:**
 - Authentication bypass logic
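Review bot: The SSRF bullet added to the prompt text in `claudecode/prompts.py` names the source of the problem (user input) but not the sink, unlike its neighbours in the same list ("in file operations", "in database queries"), so the prompt does not say which code to inspect. Consider `- SSRF in server-side outbound requests where unvalidated user input controls the host or protocol`. "unsanitized" is also a weak fit here, since the usual control for SSRF is restricting the destination to an allowlist rather than cleaning the string. The identical line is added to `.claude/commands/security-review.md` in the first hunk, so whichever wording is chosen has to be changed in both copies; the body of `get_security_audit_prompt` starts and ends outside this hunk.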