I didn't mean this in a flippant way, and in fact have been experimenting with telling gimini "examine this code for SQL injections" and "examine this code for cryptographic flaws". Early results are very encouraging. I've been testing this approach on some open source libraries such as sqlalchemy.

I suspect that you will get better results than telling it to make no mistakes at the beginning.