This is interesting. Security issues are bugs. So if you ask it to look for bugs, it will also find security issues. Is that a workaround for the "no cybersec" rule?

Or is it just not allowed to find bugs? Or it's only allowed to tell you bugs that don't pose a security risk?