fpf-core
Audited by Socket on Mar 1, 2026
1 alert found:
Anomaly: The code fragment is a governance/prompt-control scaffolding that enforces an autonomous pre-task workflow with sentinel and worklog gating. While the stated purpose is organizational (designing problems, tracking claims, etc.), the actual footprint involves writing session identifiers to hidden files and invoking a worklog endpoint. This introduces potential data leakage risk (session_id exposure), opaque control flows, and a nonstandard security footprint. It is not inherently malicious, but its use could enable covert data exposure or manipulation of task progress if misused or misconfigured. Treat as suspicious due to unusual gating mechanics and potential credential exposure, and recommend a careful threat assessment and tightened access controls, auditing, and explicit data-flow diagrams before deployment.