Take your Week 2 sandbox harness and add permission gates. Classify each tool into Auto, Confirm, or Sandbox tier. Then add a 4th tool (Bash) and explain which tier it belongs to and why.
Auto-approving file writes (should be Confirm)
No sandbox tier at all (Bash must be sandboxed)
Security policy that just says “block everything” (defeats the purpose)