
Security Model

orravo.com/docs/ointel/security-model

OIntel is designed with a strict read-only security model:

  1. No file writes — OIntel never writes to the filesystem outside its own database tables
  2. No code execution — User input is never executed
  3. Admin-only — All AJAX actions, REST writes, and admin pages require manage_options capability
  4. Nonce verification — Every AJAX action verifies a WordPress nonce
  5. Input sanitization — All user input is sanitized before storage
  6. Output escaping — All output uses esc_html(), esc_attr(), esc_url() appropriately
  7. External requests — The only outbound requests are the internal TTFB measurement and the optional WPVulnDB API call (made with a user-supplied key); both use wp_remote_get() with a timeout
  8. SQL — All database queries use $wpdb->prepare() with placeholders
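As an added example (not OIntel's own code), the following is a minimal admin AJAX handler written against the eight rules above; the action name, nonce action, option key and table name are hypothetical placeholders.

```php
<?php
// Added example, not OIntel's own code. Names marked "hypothetical" are placeholders.

// No wp_ajax_nopriv_* hook is registered, so unauthenticated requests never reach the handler.
add_action( 'wp_ajax_ointel_example_lookup', 'ointel_example_lookup' ); // hypothetical action

function ointel_example_lookup() {
    // Rule 3: admin-only. Capability check first, before any other work.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // Rule 4: nonce verification. check_ajax_referer() terminates the request on failure.
    check_ajax_referer( 'ointel_example_nonce', 'nonce' ); // hypothetical nonce action

    // Rule 5: sanitize input before it is used or stored.
    $slug = isset( $_POST['slug'] ) ? sanitize_key( wp_unslash( $_POST['slug'] ) ) : '';
    if ( '' === $slug ) {
        wp_send_json_error( array( 'message' => 'missing slug' ), 400 );
    }

    // Rule 8: prepared statement with a %s placeholder. The table name is built from
    // $wpdb->prefix, never from request data, so it is safe to interpolate.
    global $wpdb;
    $table = $wpdb->prefix . 'ointel_example_findings'; // hypothetical table
    $rows  = $wpdb->get_results(
        $wpdb->prepare( "SELECT title, url FROM {$table} WHERE slug = %s LIMIT 50", $slug ),
        ARRAY_A
    );

    // Rule 6: escape on output, choosing the escaper for the context (URL vs. text).
    $html = '<ul>';
    foreach ( $rows as $row ) {
        $html .= '<li><a href="' . esc_url( $row['url'] ) . '">' . esc_html( $row['title'] ) . '</a></li>';
    }
    $html .= '</ul>';

    // Rules 1 and 2: nothing is written to the filesystem and no request data reaches
    // eval()/exec()/include; the only side effect is the database read above.
    wp_send_json_success( array( 'html' => $html, 'ttfb_seconds' => ointel_example_ttfb() ) );
}

// Rule 7: the outbound request targets the site itself (internal) and always carries a
// timeout. Measures round-trip time as an approximation of TTFB; returns null on error.
function ointel_example_ttfb() {
    $start    = microtime( true );
    $response = wp_remote_get( home_url( '/' ), array( 'timeout' => 10 ) );
    return is_wp_error( $response ) ? null : microtime( true ) - $start;
}
```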
