Recipe skill that turns Claude Code's built-in /batch into a security-migration tool: 7 copy-paste batch recipes (XSS innerHTML→textContent, HTTP→HTTPS, SQLi parameterization, input validation, log PII redaction, secret rotation, dependency CVE patches), each with a safety tier and false-positive trap, plus scan_diff.py — a before/after plugin-security-checker gate that fails on any new HIGH/CRITICAL finding.