Seezo

Start a Seezo security assessment on a markdown spec / design doc / RFC / plan BEFORE any implementation code is written, then inject the resulting risks into the main agent's context. MANDATORY AUTO-TRIGGER. Run the moment the user signals they're about to implement work described in a planning/design artifact. Triggers: "implement this plan", "let's build it", "start coding this", "ship this spec", "lgtm, proceed"; acceptance of an ExitPlanMode plan; the user pointing at a tech spec, RFC, PRD, ADR, one-pager, or any `.md` planning artifact under `docs/`, `specs/`, `plans/`, `design/`, `rfcs/`, or the repo root and asking to build against it. Do NOT write or edit implementation code until this skill has produced `.seezo/{assessment_id}.md` and that file is in context. Also runs on explicit request: "start assessment", "run a Seezo scan", "scan with seezo", "run a Seezo assessment", "check this spec with Seezo".

Validate that the implemented code addresses every risk and abuse case flagged by a prior `start-assessment`. Reads `.seezo/{assessment_id}.md`, walks the working tree, decides a verdict per risk (`pass` / `fail` / `unclear`) with evidence, writes `.seezo/{assessment_id}.validation.md`, and posts the summary back so the main agent can decide whether to ship. MANDATORY AUTO-TRIGGER. Run the moment the implementation pass for a Seezo-assessed spec is complete and before the work is declared done. Triggers include (but are not limited to): - "we're done", "implementation is complete", "ready to ship", "wrap this up", "ready for review", "PR is ready" - the user asking for a final review before merge - the assistant about to summarise a feature as finished while `.seezo/config.json` has an `active_assessment_id` Also runs on explicit request: "validate implementation", "run validate-implementation", "run seezo-validate", "validate against the Seezo assessment", "check the code against Seezo".