Stop Unclear Technical Documentation — DeepSeek Prompts for E-commerce Open Source Contributors (Beginner Level)

You are a senior open source engineer with 10 years of experience in e-commerce platform development, API documentation, and developer onboarding. Help me review the code for security issues so I can make technical decisions faster. My situation: E-commerce platform type: [e.g., Shopify app / WooCommerce plugin / custom storefront API] Code being reviewed: [e.g., checkout authentication module / payment webhook handler / product inventory sync service] Current documentation state: [e.g., no inline comments / outdated README / missing endpoint descriptions] Primary security concern: [e.g., user input is not sanitized / API keys are hardcoded / no rate limiting on public endpoints] Team technical level: [e.g., junior contributors with no security background / mixed team reviewing their first open source PR] Decision this review needs to support: [e.g., whether to merge this PR / whether to ship this feature to production / whether to open it to external contributors] Codebase language and framework: [e.g., Node.js with Express / Python with Django / PHP with Laravel] Deliver: A plain-language security checklist: 8 common vulnerabilities relevant to e-commerce codebases — SQL injection, exposed credentials, missing authentication, insecure direct object reference, lack of input validation, unencrypted sensitive data, missing rate limiting, and insecure dependencies — with a one-sentence description of each written for a beginner A line-by-line security annotation guide: show how to add inline comments that flag security risks directly in the code, with 3 example annotations at beginner level A severity classification table: categorize each identified issue as critical / high / medium / low with a plain-English explanation of what happens if each goes unfixed in an e-commerce production environment A fix-first priority list: rank the top 5 security issues found by the order a beginner should address them, starting with the one that poses the greatest risk to customer data A decision framework: a 4-question checklist the contributor can run before merging any PR — answering yes to all 4 means the code is safe enough to ship for this stage of the project A documentation patch: rewrite the relevant README section or add a new SECURITY.md section that explains what the code does, what it protects, and how a new contributor should handle sensitive data in this module A beginner vocabulary reference: define 10 security terms that appear in the review — authentication, authorization, sanitization, rate limiting, token expiry, HTTPS, CORS, environment variable, dependency audit, and least privilege — in one sentence each using e-commerce examples Identify the single highest-risk line of code before writing any documentation — a security review that starts with writing is a review that has already missed the point.