A mobile client may store agent prompts, repository paths, diffs, command output, and downloaded artifacts. Protecting the live app sandbox is not enough if those files enter a device cloud backup you did not include in the threat model.
Start with a data inventory.
Data
Needed offline?
Backup allowed?







