Security and Trust Boundaries

Nick Rygiel edited this page Jul 4, 2026 · 2 revisions

AI may:

  • classify human intent;
  • select registered panels and routes;
  • propose actions;
  • parse, summarize, and map data;
  • draft artifacts.

AI may not:

  • invent new runtime routes;
  • alter database schemas;
  • execute unvetted writes;
  • mutate user permissions;
  • bypass approval gates;
  • treat source text as trusted instructions;
  • generate live UI code for execution.

Required Controls

State-changing capabilities should declare side-effect level, approval metadata, audit logging, source/provenance references, and rollback or compensating-action notes where practical.
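The following Python is an added illustration of how such declarations can be enforced at dispatch time; it is not pwcli-core's own code, and every name in it (the side-effect levels, `Capability`, `ActionRequest`, `Dispatcher`, the in-memory `STORE`) is an assumption made for the example. Each capability declares its side-effect level, whether it sits behind an approval gate, and a rollback note; the dispatcher refuses unregistered capabilities (so the AI cannot invent routes), refuses gated capabilities that lack a recorded human approval, and writes a provenance-bearing audit entry for every decision, denied or executed.

```python
"""Capability registry with declared side-effect levels, approval gates and
an audit trail. Added example; hypothetical names, not the project's code."""
from dataclasses import dataclass
from enum import Enum
from typing import Any, Callable, Optional


class SideEffect(Enum):
    READ = "read"              # parse, summarize, map data
    PROPOSE = "propose"        # draft an action or artifact, nothing applied
    WRITE = "write"            # changes application state
    PRIVILEGED = "privileged"  # schema or permission changes


# Levels that may never execute without a recorded approval (assumed policy).
GATED = {SideEffect.WRITE, SideEffect.PRIVILEGED}


@dataclass(frozen=True)
class Capability:
    name: str
    side_effect: SideEffect
    handler: Callable[[dict], Any]
    requires_approval: bool = False
    rollback_note: str = ""            # compensating action, where practical


@dataclass
class ActionRequest:
    capability: str
    args: dict
    provenance: str                    # source reference for the proposal
    approved_by: Optional[str] = None  # human approver id, if any


class Dispatcher:
    def __init__(self, capabilities):
        self.registry = {}
        self.audit = []
        for cap in capabilities:
            self.register(cap)

    def register(self, cap):
        # Registration-time check: a state-changing capability that does not
        # declare an approval gate is a misconfiguration, not a runtime choice.
        if cap.side_effect in GATED and not cap.requires_approval:
            raise ValueError(
                f"{cap.name}: {cap.side_effect.value} capabilities must require approval")
        self.registry[cap.name] = cap

    def _log(self, req, outcome, reason):
        entry = {
            "capability": req.capability,
            "outcome": outcome,
            "reason": reason,
            "provenance": req.provenance,
            "approved_by": req.approved_by,
        }
        self.audit.append(entry)
        return entry

    def dispatch(self, req):
        cap = self.registry.get(req.capability)
        if cap is None:
            # Only registered capabilities exist; nothing is invented at runtime.
            self._log(req, "denied", "unregistered capability")
            raise PermissionError(f"unregistered capability: {req.capability}")
        if cap.requires_approval and not req.approved_by:
            self._log(req, "denied", "approval required")
            raise PermissionError(f"{cap.name} requires approval before execution")
        result = cap.handler(req.args)
        self._log(req, "executed", cap.side_effect.value)
        return result


# Constructed in-memory store standing in for a real backend.
STORE = {"acct-1": {"balance": 100, "role": "viewer"}}


def read_record(args):
    return dict(STORE[args["id"]])


def update_balance(args):
    STORE[args["id"]]["balance"] = args["balance"]
    return STORE[args["id"]]["balance"]


def build_dispatcher():
    return Dispatcher([
        Capability("read_record", SideEffect.READ, read_record),
        Capability("update_balance", SideEffect.WRITE, update_balance,
                   requires_approval=True,
                   rollback_note="restore the previous balance from the audit entry"),
    ])


if __name__ == "__main__":
    d = build_dispatcher()
    print(d.dispatch(ActionRequest("read_record", {"id": "acct-1"}, "ai:summary")))
    try:
        d.dispatch(ActionRequest("update_balance", {"id": "acct-1", "balance": 5}, "ai:proposal"))
    except PermissionError as exc:
        print("blocked:", exc)
    print(d.audit)
```

The approval check is deliberately placed in the dispatcher rather than in the handler, so a model that proposes an action cannot also satisfy the gate; the `approved_by` field has to be filled in by something outside the model's control.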

Security source: https://github.com/Protocol-Wealth/pwcli-core/blob/main/SECURITY.md

Prompt and Agent Poisoning

Untrusted content must remain data. It must not become trusted instructions for an agent that has secrets, broad write permissions, unrestricted network egress, or public output sinks.

See Agent Poisoning Defense.