Security review

Untrusted-input, search exposure, and tool-boundary reviews for teams shipping sensitive workflows.

Fixed-scope risk screens and implementation audits for support workflows, internal tools, search-backed products, GitHub repos, and approval-gated business processes.

Proof hub Capability CV GitHub profile

Public-safe proof map for scoped operations, workflow controls, and reporting systems — Public-safe scope page. No client data, secrets, keys, cookies, bank details, or production credentials.

$500 starter risk screen

$1,200 workflow control report

$2,500 search-backed audit pack

0 production secrets required

Starter

Risk screen.

Review one support flow, search-backed feature, intake path, or workflow surface for obvious untrusted-input paths, unsafe tool calls, leaked context, and missing user-confirmation gates.

Price: $500
Input: Demo, docs, sample instructions
Output: Risk memo + fix list

Workflow

Control report.

Map the business process, data boundary, tool permissions, human approval steps, logging gaps, and failure cases for one workflow before it handles sensitive work.

Price: $1,200
Input: Workflow diagram or screen share
Output: Control map + tests

Search-backed

Implementation audit pack.

Inspect search behavior, tool schemas, instruction boundaries, authorization checks, test traces, logging, and mitigation paths using authorized material only.

Price: $2,500
Input: Repo, staging app, or docs
Output: Report + retest notes

Repo fix

GitHub and CI repair slice.

Patch a bounded repo issue: failing security test, weak validation, exposed sample secret, unsafe action path, dependency issue, or unclear README/runbook handoff.

Price: $300-$750
Input: Authorized repo access
Output: PR-ready patch

What Gets Checked

Untrusted inputsHostile instructions, external-text attacks, override attempts, and untrusted content boundaries.

Tool permissionsWrite actions, external calls, data export paths, approval gates, and least-privilege design.

Search exposureIndex scope, source filtering, citation integrity, hidden document leakage, and tenant boundary risks.

Test gapsMissing regression tests, weak fixtures, unsafe acceptance criteria, and untracked failure modes.

Operational controlsRun logs, escalation paths, human review states, rollback notes, and post-fix retest evidence.

Repo hygieneSecrets scanning, dependency risk, CI failures, README gaps, sample data cleanup, and safe demo paths.

Boundary

Scoped, authorized, and evidence-driven.

The first milestone uses buyer-approved systems, sample-safe data where possible, and a written acceptance gate. Production secrets are not required for the initial audit.