guv3-prompt-patterns
Audited by Socket on Mar 4, 2026
1 alert found:
Obfuscated File

The content is benign guidance for prompt engineering within guv3 but contains design choices that materially increase privacy and security risk.

Primary concerns: (1) direct injection of raw conversation history and many PII fields into system prompts sent to LLMs and tools, and (2) an explicit silent-delegation directive that permits covert tool execution without user-visible confirmation. These create realistic paths for accidental or intentional data exposure and covert actions.

Recommended mitigations: implement mandatory redaction/minimization of context_history and PII; require explicit user-visible confirmations or audit trails for any tool execution (remove or highly constrain 'silent delegation'); sanitize historical messages to mitigate prompt injection; add length limits and truncation for injected history; and document logging/retention and consent requirements. Review tool implementations to ensure they require authorisation and that prompts are not logged to third parties without consent.