diff --git a/.claude/commands/security-review.md b/.claude/commands/security-review.md
index 93651ea..3be5b9c 100644
--- a/.claude/commands/security-review.md
+++ b/.claude/commands/security-review.md
@@ -53,6 +53,7 @@ SECURITY CATEGORIES TO EXAMINE:
 - Template injection in templating engines
 - NoSQL injection in database queries
 - Path traversal in file operations
+- SSRF via unvalidated/unsanitized user input that controls the host or protocol
 
 **Authentication & Authorization Issues:**
 - Authentication bypass logic
diff --git a/claudecode/prompts.py b/claudecode/prompts.py
index ee44e0a..55b1a16 100644
--- a/claudecode/prompts.py
+++ b/claudecode/prompts.py
@@ -72,6 +72,7 @@ def get_security_audit_prompt(pr_data, pr_diff=None, include_diff=True, custom_s
 - Template injection in templating engines
 - NoSQL injection in database queries
 - Path traversal in file operations
+- SSRF via unvalidated/unsanitized user input that controls the host or protocol
 
 **Authentication & Authorization Issues:**
 - Authentication bypass logic
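Review bot: The SSRF bullet added to the prompt string in claudecode/prompts.py names only the host and protocol, so an audit following this checklist can overlook server-side requests where the user controls the port, the path or query, or the final destination through a followed redirect; a wording such as `- SSRF via unvalidated/unsanitized user input that controls the host, port, path or protocol of a server-side request (including via redirects)` covers those cases without changing the list's format. The identical line is added to .claude/commands/security-review.md in the first hunk, so the two category lists are maintained by hand in parallel and will drift; a comment above the list in prompts.py, `# keep in sync with .claude/commands/security-review.md`, would at least make the coupling visible at the edit site. get_security_audit_prompt begins and ends outside this hunk, so whether the text is a plain string or an f-string that could interpolate these bullets cannot be confirmed from here.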