Add security category coverage for SSRF

.claude/commands/security-review.md

@@ -53,6 +53,7 @@ SECURITY CATEGORIES TO EXAMINE:
 - Template injection in templating engines
 - NoSQL injection in database queries
 - Path traversal in file operations
+- SSRF via unvalidated/unsanitized user input that controls the host or protocol
 
 **Authentication & Authorization Issues:**
 - Authentication bypass logic

claudecode/prompts.py

@@ -72,6 +72,7 @@ def get_security_audit_prompt(pr_data, pr_diff=None, include_diff=True, custom_s
 - Template injection in templating engines
 - NoSQL injection in database queries
 - Path traversal in file operations
+- SSRF via unvalidated/unsanitized user input that controls the host or protocol
 
 **Authentication & Authorization Issues:**
 - Authentication bypass logic