[vikramkr]

That doesn't satisfy the requirement for a confirmation on each post request though

[fieldcny]

What requirement is that the specific text is “for POST requests, we require that developers build a user confirmation flow to avoid destruction actions.”

a) it says the require the plug-in developer so, not the ai

b) it’s scoped to destructive actions which is a subset of post requests

[wilg]

It does because the requirement is only for destructive actions

[vikramkr]

The requirement is for POSTs in general, not just deletes. Anything that does actions outside of the system instead of just getting data

[wilg]

The wording is ambiguous, but probably should apply. Also the rule should not be based on HTTP verbs at all since that's the wild west.