2-min security sweep before you ship any vibe-coded app

Before pushing a Claude-built app to prod, paste this into Claude Code: "Act as a security auditor. Walk the whole codebase for OWASP top-10 issues — exposed API keys, SQL injection, XSS, missing auth, unchecked inputs, leaking error traces. Return a punch list: severity / file / fix." 2 minutes, catches the dumb stuff (which is almost always what gets you). From @hackSultan. Not a pen-test — the pre-flight check.