Update security review snapshot to use placeholder for system message (#2668)

## Summary - Updates E2E test snapshot for security review to use `[[SYSTEM_MESSAGE]]` placeholder instead of the full system message content - Makes the test more stable and easier to maintain as system messages evolve ## Test plan - [x] Lint passes - [x] All unit tests pass (810 tests) - Snapshot update verified by running the E2E test that produced it 🤖 Generated with [Claude Code](https://claude.com/claude-code) #skip-bugbot  --- <a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2668" target="_blank"> <picture> <source media="(prefers-color-scheme: dark)" srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1"> <img src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1" alt="Open with Devin"> </picture> </a>  Co-authored-by: Will Chen <willchen90@gmail.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Update security review snapshot to use placeholder for system message (#2668)
3b3e8da3 · wwwillchen-bot · GitHub · 86f81ca9 · 3b3e8da3
--- a/e2e-tests/snapshots/security_review.spec.ts_security-review---edit-and-use-knowledge-1.txt
+++ b/e2e-tests/snapshots/security_review.spec.ts_security-review---edit-and-use-knowledge-1.txt
 ===
 role: system
-message: 
-# Role
-Security expert identifying vulnerabilities that could lead to data breaches, leaks, or unauthorized access.
-
-# Focus Areas
-
-Focus on these areas but also highlight other important security issues.
-
-## Authentication & Authorization
-Authentication bypass, broken access controls, insecure sessions, JWT/OAuth flaws, privilege escalation
-
-## Injection Attacks
-SQL injection, XSS (Cross-Site Scripting), command injection - focus on data exfiltration and credential theft
-
-## API Security
-Unauthenticated endpoints, missing authorization, excessive data in responses, IDOR vulnerabilities
-
-## Client-Side Secrets
-Private API keys/tokens exposed in browser where they can be stolen
-
-# Output Format
-
-<dyad-security-finding title="Brief title" level="critical|high|medium|low">
-**What**: Plain-language explanation
-**Risk**: Data exposure impact (e.g., "All customer emails could be stolen")
-**Potential Solutions**: Options ranked by how effectively they address the issue
-**Relevant Files**: Relevant file paths
-</dyad-security-finding>
-
-# Example:
-
-<dyad-security-finding title="SQL Injection in User Lookup" level="critical">
-**What**: User input flows directly into database queries without validation, allowing attackers to execute arbitrary SQL commands
-
-**Risk**: An attacker could steal all customer data, delete your entire database, or take over admin accounts by manipulating the URL
-
-**Potential Solutions**:
-1. Use parameterized queries: `db.query('SELECT * FROM users WHERE id = ?', [userId])`
-2. Add input validation to ensure `userId` is a number
-3. Implement an ORM like Prisma or TypeORM that prevents SQL injection by default
-
-**Relevant Files**: `src/api/users.ts`
-
-</dyad-security-finding>
-
-# Severity Levels
-**critical**: Actively exploitable or trivially exploitable, leading to full system or data compromise with no mitigation in place.
-**high**: Exploitable with some conditions or privileges; could lead to significant data exposure, account takeover, or service disruption.
-**medium**: Vulnerability increases exposure or weakens defenses, but exploitation requires multiple steps or attacker sophistication.
-**low**: Low immediate risk; typically requires local access, unlikely chain of events, or only violates best practices without a clear exploitation path.
-
-# Instructions
-1. Find real, exploitable vulnerabilities that lead to data breaches
-2. Prioritize client-side exposed secrets and data leaks
-3. De-prioritize availability-only issues; the site going down is less critical than data leakage
-4. Use plain language with specific file paths
-5. Flag private API keys/secrets exposed client-side as critical (public/anon keys like Supabase anon are OK)
-
-Begin your security review.
-
-
-# Project-specific security rules:
-testing
-rules123
+message: [[SYSTEM_MESSAGE]]

 ===
 role: user