fix(policy): PolicyContext.trust_level hardcoded to Trusted — trust_level rule condition non-functional #2112

@bug-ops

Problem

In src/runner.rs:746, the PolicyContext passed to PolicyGateExecutor always has trust_level = TrustLevel::Trusted (hardcoded). The trust_level field in policy rules has no effect because the context always reports the highest trust level.

Impact

Impossible to write a policy rule that restricts tool access based on actual skill trust tier (quarantined vs verified vs trusted).

Expected behavior

PolicyContext.trust_level should reflect the actual trust level of the invoking skill. Fall back to TrustLevel::Trusted for direct user calls.

Notes

  • Feature is cfg(feature = policy-enforcer) and enabled = false in default config — no production impact today
  • Found during static code analysis in CI-71 (2026-03-22)
  • Related: crates/zeph-tools/src/policy.rs:175-181, src/runner.rs:746
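
The failure mode reported above, as an added sketch that is not part of the issue and not the project's code. The `Rule`, `Decision`, `evaluate` and `context_*` names, the `Quarantined < Verified < Trusted` ordering and the default-allow behaviour are assumptions made for illustration; only `PolicyContext`, `trust_level` and `TrustLevel::Trusted` come from the issue text.

```rust
// Hypothetical stand-ins for the types named in the issue; not the project's definitions.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
enum TrustLevel { Quarantined, Verified, Trusted } // assumed ordering, lowest first

struct PolicyContext { trust_level: TrustLevel }

/// Hypothetical rule: deny `tool` when the caller's trust is below `min_trust`.
struct Rule { tool: &'static str, min_trust: TrustLevel }

#[derive(Debug, PartialEq)]
enum Decision { Allow, Deny }

/// Assumed evaluation: first matching rule that fails denies, otherwise allow.
fn evaluate(rules: &[Rule], tool: &str, ctx: &PolicyContext) -> Decision {
    for r in rules {
        if r.tool == tool && ctx.trust_level < r.min_trust {
            return Decision::Deny;
        }
    }
    Decision::Allow
}

/// Behaviour described in the issue: the context always reports Trusted,
/// so the invoking skill's tier never reaches the rule.
fn context_hardcoded(_skill: Option<TrustLevel>) -> PolicyContext {
    PolicyContext { trust_level: TrustLevel::Trusted }
}

/// Expected behaviour: use the skill's tier, fall back to Trusted
/// for direct user calls (represented here as `None`).
fn context_from_skill(skill: Option<TrustLevel>) -> PolicyContext {
    PolicyContext { trust_level: skill.unwrap_or(TrustLevel::Trusted) }
}

fn main() {
    // Constructed sample rule: "shell" requires at least Verified.
    let rules = [Rule { tool: "shell", min_trust: TrustLevel::Verified }];
    for skill in [Some(TrustLevel::Quarantined), Some(TrustLevel::Verified), None] {
        let before = evaluate(&rules, "shell", &context_hardcoded(skill));
        let after = evaluate(&rules, "shell", &context_from_skill(skill));
        println!("{:?}: hardcoded={:?} derived={:?}", skill, before, after);
    }
}
```

A regression test for the fix would assert the quarantined case: with the hardcoded context the rule allows the call, with the derived context it denies it.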
