TrustSecurityAI
AI Work Product Policy
AI-generated work must be reviewable, attributable to a prompt/task, and safe
Purpose
AI-generated work must be reviewable, attributable to a prompt/task, and safe to integrate.
Required For Non-trivial AI Work
- Source prompt or task graph summary.
- Allowed paths and forbidden paths.
- Changed files list.
- Validation commands.
- Risks and follow-ups.
- Human reviewer.
Review Focus
- Hidden broad refactors.
- Incorrect claims about implemented features.
- Stale docs.
- Secret leakage.
- License or copied-content risk.
- Security-sensitive behavior added without approval.
Forbidden
- Raw private prompt dumps in repo.
- AI-generated legal, tax, immigration, or investment commitments.
- Production secrets or credentials.
- Undocumented backend, billing, auth, or deployment changes.