Pre-Release Security Audit (Between Any Two Git Refs)

This skill compares any two git refs (tag/branch/commit SHA) and audits:

• Source-code diffs for security regressions
• Dependency changes (direct + transitive) and lockfile determinism
• Newly introduced package behaviors inside node_modules
• CI/CD workflow risks in .github/workflows and build configs (Expo/EAS)

The output is a Chinese Markdown report, with a unique title and filename containing the refs to avoid overwrites.

0) Mandatory: confirm audit range (BASE_REF, TARGET_REF)

Ref rules

• Accepted: tag / branch / commit SHA
• BASE_REF = starting point, TARGET_REF = ending point (release candidate)

If refs are not explicitly provided by the user

Ask exactly once before doing any work: