Enhance security auditing capabilities by introducing a comprehensive 5-phase OWASP-based security audit process, including dependency scanning, static analysis, and a consolidated report with severity-ranked findings. Update autopilot workflows to incorporate an optional security audit step before deployment, and refine documentation across related skills for clarity and usability.

.cursor/skills/autopilot/state.md

@@ -10,16 +10,16 @@ The autopilot persists its state to `_docs/_autopilot_state.md`. This file is th
 # Autopilot State
 
 ## Current Step
-step: [0-6 or "2b" / "2c" / "2d" / "2e" / "2f" / "2g" / "2h" / "2i" or "done"]
-name: [Problem / Research / Plan / Blackbox Test Spec / Decompose Tests / Implement Tests / Refactor / New Task / Implement / Run Tests / Deploy / Decompose / Done]
-status: [not_started / in_progress / completed]
+step: [0-6 or "2b" / "2c" / "2d" / "2e" / "2f" / "2g" / "2h" / "2hb" / "2i" or "5b" or "done"]
+name: [Problem / Research / Plan / Blackbox Test Spec / Decompose Tests / Implement Tests / Refactor / New Task / Implement / Run Tests / Security Audit / Deploy / Decompose / Done]
+status: [not_started / in_progress / completed / skipped]
 sub_step: [optional — sub-skill internal step number + name if interrupted mid-step]
 
 ## Step ↔ SubStep Reference
 (include the step reference table from the active flow file)
 
 When updating `Current Step`, always write it as:
-  step: N          ← autopilot step (0–6 or 2b/2c/2d/2e/2f/2g/2h/2i)
+  step: N          ← autopilot step (0–6 or 2b/2c/2d/2e/2f/2g/2h/2hb/2i or 5b)
   sub_step: M      ← sub-skill's own internal step/phase number + name
 Example:
   step: 2