Phase B Route Risk Audit (ACC_AUTO_FULL)
TmpAgentic
| Risk ID | Severity | Screens | Risk | Mitigation |
|---|---|---|---|---|
| ACC-RSK-P0-01 | P0 | ACC-S02, ACC-S08 | Sensitive account actions bypass re-authentication | Require re-auth gate and explicit fallback before password/session/payment mutations. |
| ACC-RSK-P0-02 | P0 | ACC-S06, ACC-S10 | Program-scoped package actions leak across programs | Pin current program context and gate lifecycle actions to selected program only. |
| ACC-RSK-P0-03 | P0 | ACC-S07, ACC-S08 | Change-plan flow violates payment mechanism compatibility | Pre-validate plan/cycle/method combinations and show valid alternatives before continuation. |
| ACC-RSK-P0-04 | P0 | ACC-S06, ACC-S07 | Upgrade/downgrade timing consequences are hidden or ambiguous | Display immediate-vs-next-cycle effects before user confirmation. |
| ACC-RSK-P1-05 | P1 | ACC-S05 | Optional learning-goal flow appears mandatory | Keep save and skip actions equally discoverable and non-blocking. |
| ACC-RSK-P1-06 | P1 | ACC-S09, ACC-S11, ACC-S12 | Billing and purchase evidence cannot be traced to credit impacts | Maintain cross-links among billing, purchase, and credit history surfaces. |
| ACC-RSK-P1-07 | P1 | ACC-S09, ACC-S11 | Failed transactions lack direct retry or support route | Expose retry/support actions at row level for failed records. |