LLM Output Trust Boundary

Security-focused review category for AI-generated code. Checks that LLM-generated values are not written to a database without format validation, and that structured tool output is not accepted without type/shape checks. Part of the enhanced `/review-pr` Defensive Code Auditor agent.