feat: /security-review /refactor /summary /ask, 41 commands, README badges

- /security-review (/sec): OWASP-focused vulnerability scan
- /refactor: code improvement with best practices
- /summary: codebase overview and architecture
- /ask: quick Q&A without tool use
- README: badges, feature highlights
- /help: added new commands to categorized view
- Total: 41 slash commands, ~5000 lines Go

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: idoubi

README.md

@@ -1,7 +1,13 @@
 # Codeany
 
+[![Release](https://img.shields.io/github/v/release/codeany-ai/codeany)](https://github.com/codeany-ai/codeany/releases)
+[![Go](https://img.shields.io/github/go-mod/go-version/codeany-ai/codeany)](https://go.dev/)
+[![License](https://img.shields.io/github/license/codeany-ai/codeany)](LICENSE)
+
 An open-source AI-powered terminal agent for software engineering. Built in Go with [Bubble Tea](https://github.com/charmbracelet/bubbletea) TUI and the [Open Agent SDK](https://github.com/codeany-ai/open-agent-sdk-go).
 
+**41 slash commands** | **Skills & Plugins** | **MCP support** | **Chinese/IME input** | **Self-update**
+
 ## Quick Install
 
 ```bash

internal/slash/commands.go

@@ -997,6 +997,56 @@ func (h *Handler) usageCmd(args []string) Result {
 	return Result{Message: b.String()}
 }
 
+// ─── /security-review ─────────────────────────────
+
+func (h *Handler) securityReviewCmd(args []string) Result {
+	target := strings.Join(args, " ")
+	if target == "" {
+		target = "the current codebase"
+	}
+	return Result{
+		SkillPrompt: fmt.Sprintf("Perform a security review of %s. Check for:\n1. OWASP Top 10 vulnerabilities\n2. Injection attacks (SQL, command, XSS)\n3. Authentication/authorization flaws\n4. Sensitive data exposure\n5. Insecure dependencies\n6. Hardcoded secrets or credentials\n\nProvide a severity-ranked list of findings with remediation steps.", target),
+	}
+}
+
+// ─── /refactor ────────────────────────────────────
+
+func (h *Handler) refactorCmd(args []string) Result {
+	target := strings.Join(args, " ")
+	if target == "" {
+		return Result{Message: "Usage: /refactor <file or description>\n\nAsk the agent to refactor code with best practices."}
+	}
+	return Result{
+		SkillPrompt: fmt.Sprintf("Refactor %s. Focus on:\n1. Code clarity and readability\n2. DRY principle (remove duplication)\n3. Single responsibility\n4. Better naming\n5. Simplify complex logic\n\nMake the changes, keeping functionality identical.", target),
+	}
+}
+
+// ─── /summary ─────────────────────────────────────
+
+func (h *Handler) summaryCmd(args []string) Result {
+	target := strings.Join(args, " ")
+	if target == "" {
+		return Result{
+			SkillPrompt: "Summarize this project/codebase. Provide:\n1. What the project does\n2. Tech stack and main dependencies\n3. Directory structure overview\n4. Key entry points\n5. How to build/run/test",
+		}
+	}
+	return Result{
+		SkillPrompt: fmt.Sprintf("Summarize: %s", target),
+	}
+}
+
+// ─── /ask ─────────────────────────────────────────
+
+func (h *Handler) askCmd(args []string) Result {
+	question := strings.Join(args, " ")
+	if question == "" {
+		return Result{Message: "Usage: /ask <question>\n\nAsk a question. The agent will answer without using tools."}
+	}
+	return Result{
+		SkillPrompt: fmt.Sprintf("[Answer this question directly without using any tools, just from your knowledge]: %s", question),
+	}
+}
+
 // ─── helpers ──────────────────────────────────────
 
 func min(a, b int) int {

internal/slash/slash.go

@@ -94,6 +94,11 @@ func AllCommands() []CommandDef {
 		{Name: "/branch", Description: "Git branch management", HasArgs: true},
 		{Name: "/pr", Description: "Create pull request", HasArgs: true},
 		{Name: "/stash", Description: "Git stash management", HasArgs: true},
+		// Analysis
+		{Name: "/security-review", Aliases: []string{"/sec"}, Description: "Security vulnerability scan", HasArgs: true},
+		{Name: "/refactor", Description: "Refactor code", HasArgs: true},
+		{Name: "/summary", Description: "Summarize project/codebase", HasArgs: true},
+		{Name: "/ask", Description: "Quick Q&A without tools", HasArgs: true},
 	}
 }
 
@@ -221,6 +226,14 @@ func (h *Handler) Handle(input string) Result {
 		return h.prCmd(args)
 	case "/stash":
 		return h.stashCmd(args)
+	case "/security-review", "/sec":
+		return h.securityReviewCmd(args)
+	case "/refactor":
+		return h.refactorCmd(args)
+	case "/summary":
+		return h.summaryCmd(args)
+	case "/ask":
+		return h.askCmd(args)
 	default:
 		// Try skill invocation
 		if result, ok := h.HandleSkillInvocation(cmd, args); ok {
@@ -251,6 +264,10 @@ func (h *Handler) help() Result {
 	b.WriteString("  /stash         Stash management\n")
 	b.WriteString("  /bug <desc>    Investigate a bug\n")
 	b.WriteString("  /test          Run tests\n")
+	b.WriteString("  /sec           Security review\n")
+	b.WriteString("  /refactor      Refactor code\n")
+	b.WriteString("  /summary       Summarize codebase\n")
+	b.WriteString("  /ask <q>       Quick Q&A (no tools)\n")
 
 	b.WriteString("\nTools & Context:\n")
 	b.WriteString("  /mcp           Manage MCP servers\n")