Review a task for prompt-injection, exfiltration, secrets, approval, and trust-boundary risks. Use before networked tools, MCP, auth flows, production actions, or security-sensitive edits.
Review the current task through a trust-boundary lens.
| Category | Check | Status |
|---|---|---|
| Secrets exposure | Are any secrets, tokens, or keys at risk of being read, logged, or leaked? | |
| Risky file paths | Does the task touch .env, credentials, keys, or deployment configs? | |
| Prompt injection | Could untrusted input (user data, MCP responses, file content) influence agent behavior? | |
| External tool trust | Are MCP or external tools being trusted without verification? | |
| Irreversible actions | Are there destructive operations (delete, push, deploy, publish) without rollback? | |
| Missing approval gates | Should a human approve before this action proceeds? |
| Unclear rollback | If this goes wrong, is the recovery path documented? |
Threat summary: [one-sentence risk assessment]
Blocked actions: [list any operations that should be denied]
Required approvals: [list any operations that need human confirmation]
Safe next step: [the action that can proceed safely]
Rules: