1. GitHub Code Review Exposes Defense-in-Depth Gaps in Task ID Validation
A multi-agent security review pipeline has flagged critical hardening opportunities within a codebase, revealing that a core function responsible for constructing file paths lacks internal validation. The function `getEvidencePath()` in `src/gate-evidence.ts` builds paths directly from a `taskId` parameter but contains...
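A sketch of the kind of internal validation the finding points to, as an added example that is not code from the reviewed repository. The evidence directory, the `.json` naming, the task ID format and the `getEvidencePathUnchecked`, `getEvidencePathChecked` and `isRejected` names are assumptions made for illustration.

```typescript
import * as path from "path";

// Assumed values: the page gives neither the real directory nor the file naming.
const EVIDENCE_ROOT = path.resolve("/var/lib/app/evidence");
// Assumed ID format: 1-64 chars of letters, digits, "_" or "-", starting alphanumeric.
const TASK_ID_PATTERN = /^[A-Za-z0-9][A-Za-z0-9_-]{0,63}$/;

// Unvalidated construction: the ID goes straight into the path, so the
// function is only as safe as every one of its callers.
function getEvidencePathUnchecked(taskId: string): string {
  return path.join(EVIDENCE_ROOT, `${taskId}.json`);
}

// Hardened variant: the function validates its own input.
function getEvidencePathChecked(taskId: unknown): string {
  // Layer 1: allowlist the ID format (rejects separators, dots, NUL, empty, non-strings).
  if (typeof taskId !== "string" || !TASK_ID_PATTERN.test(taskId)) {
    throw new Error("task ID does not match the allowed format");
  }
  // Layer 2: containment check on the resolved path, kept even though layer 1
  // should make it unreachable, in case the pattern is loosened later.
  const candidate = path.resolve(EVIDENCE_ROOT, `${taskId}.json`);
  const rel = path.relative(EVIDENCE_ROOT, candidate);
  if (rel === "" || path.isAbsolute(rel) || rel.split(path.sep)[0] === "..") {
    throw new Error("resolved path escapes the evidence directory");
  }
  return candidate;
}

// True when the hardened function refuses the given ID.
function isRejected(taskId: unknown): boolean {
  try {
    getEvidencePathChecked(taskId);
    return false;
  } catch {
    return true;
  }
}

// Constructed sample inputs: one well-formed ID and five malformed ones.
const constructedSamples: unknown[] = ["task-42", "../../etc/passwd", "a/b", "", "x\0y", 42];
const rejectedSamples = constructedSamples.filter(isRejected);
console.log(`rejected ${rejectedSamples.length} of ${constructedSamples.length} sample IDs`);
```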