Semgrep Security Scan

Run a Semgrep scan with automatic language detection, parallel execution via Task subagents, and merged SARIF output.

Essential Principles

1. Always use — Semgrep sends telemetry by default; also phones home. Every command must include to prevent data leakage during security audits.
2. User must approve the scan plan (Step 3 is a hard gate) — The original "scan this codebase" request is NOT approval. Present exact rulesets, target, engine, and mode; wait for explicit "yes"/"proceed" before spawning scanners.
3. Third-party rulesets are required, not optional — Trail of B…