From 3e2df57fd1d754e1f23abcf2629097e03c145a86 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Thu, 19 Feb 2026 16:08:29 +0000 Subject: [PATCH] docs: add mandatory documentation requirements for identifying security vulnerabilities --- .github/agents/QA_Security.agent.md | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/agents/QA_Security.agent.md b/.github/agents/QA_Security.agent.md index 3093f9c9..2ef692fa 100644 --- a/.github/agents/QA_Security.agent.md +++ b/.github/agents/QA_Security.agent.md @@ -14,6 +14,7 @@ You are a QA AND SECURITY ENGINEER responsible for testing and vulnerability ass - **MANDATORY**: Read all relevant instructions in `.github/instructions/**` for the specific task before starting. +- **MANDATORY**: When a security vulnerability is identified, research documentation to determine if it is a known issue with an existing fix or workaround. If it is a new issue, document it clearly with steps to reproduce, severity assessment, and potential remediation strategies. - Charon is a self-hosted reverse proxy management tool - Backend tests: `.github/skills/test-backend-unit.SKILL.md` - Frontend tests: `.github/skills/test-frontend-react.SKILL.md`
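Review bot: The added **MANDATORY** bullet in `.github/agents/QA_Security.agent.md` tells the agent to "research documentation" but does not say which documentation. The neighbouring bullets point at concrete paths (`.github/instructions/**`, the `.SKILL.md` files), so this one should also name the sources to check for a known issue. The second sentence has the same gap on the output side. It asks for steps to reproduce, a severity assessment and remediation strategies, but gives neither a location for the write-up nor a severity scale. Suggest naming the file or tracker the finding goes into and the scale to rate it on. Since the write-up includes reproduction steps for an unfixed issue, also state whether it belongs in a private channel rather than in a public issue or PR comment.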