L2 Standard | Automated verification

2.5 Human-in-the-Loop for Sensitive Actions

2. Capability & Authorization: What can this agent do?

Description

Sensitive, destructive, or high-impact actions MUST require explicit human confirmation.

Rationale

Human oversight provides a final check against prompt injection, hallucinations, and unexpected behavior.

Audit Procedure

1. Identify sensitive actions
2. Check if human confirmation is required
3. Verify confirmation cannot be bypassed

Remediation

1. Categorize actions by risk level
2. Implement approval workflow for high-risk actions
3. Log all approval decisions
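An added example (not part of the benchmark) of the three remediation steps: an execution-layer gate that classifies tools by risk, requires a human approval bound to the exact action and arguments for high-risk tools, and logs every decision. The tool catalogue in RISK_LEVELS, run_tool and the approval token format are constructed for illustration.

```python
import hashlib, hmac, json, secrets, time

# Constructed tool catalogue; tools absent from it are treated as high risk (fail closed).
RISK_LEVELS = {"search_docs": "low", "send_email": "high", "delete_records": "high"}

def canonical(action, args):
    """Digest of the exact action and arguments a human is asked to approve."""
    blob = json.dumps({"action": action, "args": args}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode()).hexdigest()

def run_tool(action, args):
    return f"ran {action} with {args}"  # stand-in for the real dispatcher (constructed)

class ApprovalGate:
    """Sits in the execution layer, so the model cannot skip it by omitting a flag."""
    def __init__(self, secret, ttl=300, clock=time.time):
        self.secret, self.ttl, self.clock = secret, ttl, clock
        self.used, self.log = set(), []  # consumed approval ids; audit trail of every decision

    def _mac(self, digest, aid, expires):
        return hmac.new(self.secret, f"{digest}|{aid}|{expires}".encode(), hashlib.sha256).hexdigest()

    def approve(self, action, args, approver):
        """Human side: approval is bound to one exact call, single-use and time-limited."""
        digest, aid = canonical(action, args), secrets.token_hex(8)
        expires = int(self.clock()) + self.ttl
        self.log.append({"event": "approved", "by": approver, "action": action, "id": aid})
        return {"id": aid, "digest": digest, "expires": expires, "mac": self._mac(digest, aid, expires)}

    def execute(self, action, args, approval=None):
        """Agent side: low-risk actions run directly; high-risk ones need a valid approval."""
        risk = RISK_LEVELS.get(action, "high")
        if risk != "high":
            self.log.append({"event": "executed", "action": action, "risk": risk})
            return run_tool(action, args)
        a, digest = approval or {}, canonical(action, args)
        expected = self._mac(a.get("digest"), a.get("id"), a.get("expires"))
        ok = (hmac.compare_digest(str(a.get("mac")), expected)  # untampered
              and a.get("digest") == digest                       # same action and args as approved
              and a.get("expires", 0) > self.clock()              # not expired
              and a.get("id") not in self.used)                   # not replayed
        self.log.append({"event": "executed" if ok else "denied", "action": action,
                         "approval_id": a.get("id"), "risk": risk})
        if not ok:
            raise PermissionError(f"{action} is high risk and has no valid human approval")
        self.used.add(a["id"])
        return run_tool(action, args)
```

The audit step "confirmation cannot be bypassed" maps to the four checks in execute: the approval is authenticated, tied to the canonical digest of the call, expiring, and single-use, and unknown tools default to high risk.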

Framework Mappings

CIS Control 5.4
NIST PR.AC-4