M25: Skill Trust Levels & Quarantine System

## Overview

Implement a trust gradation system for skills with quarantine enforcement, anomaly detection, and external skill loading. External skills start in quarantine with maximum restrictions, enhanced tracing, and automatic blocking on anomalous behavior.

## Architecture

- **4-tier trust model**: Trusted > Verified > Quarantined > Blocked
- **Enforcement**: PermissionOverlay + TrustGateExecutor wrapping CompositeExecutor
- **Per-turn minimum trust**: conservative approach — if any active skill is Quarantined, quarantine restrictions apply to entire turn
- **Anomaly detection**: extends AuditLogger with sliding-window threshold counters
- **Integrity**: blake3 content hash verified on every load and hot-reload
- **Storage**: new `skill_trust` SQLite table in zeph-memory

## Security Analysis

Key threat vectors addressed:
- AV-1: Prompt injection via malicious skill body (structural isolation, body size caps, injection pattern scan)
- AV-2: Privilege escalation via tool manipulation (ReadOnly enforcement for quarantined turns)
- AV-3: Trust escalation via self-learning (disabled for quarantined skills)
- AV-4: Hot-reload file substitution (hash comparison triggers downgrade)
- AV-5: Network exfiltration (hard-blocked for quarantined turns)

## Implementation Phases

1. Trust Model + Storage — TrustLevel enum, SQLite migration, config
2. Quarantine Enforcement — PermissionOverlay, TrustGateExecutor, agent loop integration
3. Anomaly Detection — AnomalyDetector, auto-block, user notification
4. External Skill Import — CLI commands, file import, integrity verification
5. Hub Protocol (deferred to M26+)

## Design Documents

- Architecture: `.local/plan/skill-trust-architecture.md`
- Security analysis: `.local/plan/skill-trust-security.md`

## Crate Boundaries

| Change | Crate |
|--------|-------|
| TrustLevel, SkillSource, SkillTrustManager | zeph-skills |
| PermissionOverlay, TrustGateExecutor, AnomalyDetector | zeph-tools |
| skill_trust migration, trust DB queries | zeph-memory |
| TrustConfig, SecurityConfig extensions | zeph-core |
| CLI subcommands (skill trust/block/import) | zeph (binary) |

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

M25: Skill Trust Levels & Quarantine System #418

Overview

Architecture

Security Analysis

Implementation Phases

Design Documents

Crate Boundaries

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Change	Crate
TrustLevel, SkillSource, SkillTrustManager	zeph-skills
PermissionOverlay, TrustGateExecutor, AnomalyDetector	zeph-tools
skill_trust migration, trust DB queries	zeph-memory
TrustConfig, SecurityConfig extensions	zeph-core
CLI subcommands (skill trust/block/import)	zeph (binary)

M25: Skill Trust Levels & Quarantine System #418

Description

Overview

Architecture

Security Analysis

Implementation Phases

Design Documents

Crate Boundaries

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions