Review code for SQL injection, command injection, path traversal, and hardcoded credentials before merge.