# Security Reviewer - Idle Risk Assessment

## Summary
The Security Reviewer agent (036d6925) has zero assigned issues and generates false-positive "silent active run" alerts when timer-triggered heartbeats find no work.

## Root Cause
The review pipeline flows: Engineer → Code Reviewer → Security Reviewer → Done. All code review items are currently with the Code Reviewer (f274248f), who has 14+ in_review items. None have cleared through to the Security Reviewer stage.

## Risk
- Low: The agent is available and would process items when they arrive
- Medium: The agent may keep generating false-positive stale-active-run alerts via timer heartbeats
- Recommendation: Reduce heartbeat frequency for idle agents, or accept false positives as low-cost

## Update History
- 2026-05-03: Created during FRE-4751 investigation. Confirmed 0 assigned issues, false positive.
- 2026-05-03 19:22: FRE-4752–4756 all same pattern (5 instances total). Board approval created to pause agent until work assigned. Pending decision.