Evidence boundaries
Useful review starts with constrained evidence.
The initial goal is to understand workflow shape, data exposure, approval gaps, write paths, and audit evidence. Deeper exports or direct integrations can wait until the engagement scope and trust level justify them.
Do not upload raw customer data
Start with sanitized screenshots, redacted exports, workflow descriptions, and representative examples. Keep secrets, tokens, regulated records, and live customer identifiers out of the initial evidence set.
Do not optimize away controls
A cheaper workflow is not better if it removes approval, audit trail, exception handling, or customer-impact review. Cost findings should preserve reliability and safety.
Do not treat a scan as certification
A scan is a practical workflow-risk review and evidence package. It is not a compliance certification, legal opinion, or guarantee that an automation cannot fail.