Risk Register

Risk	Area	Impact	Likelihood	Mitigation	Review
Prompt injection	Security	High	Med	Sanitize input; sign prompts; allow‑list tools	Weekly
Hallucination	Safety	Med	Med	Evaluation sampling; gold standards; refusals	Weekly
PII leakage	Compliance	High	Low	Data minimization; role‑based access; logs	Monthly