Tool permissions
Are tools scoped to the minimum files, commands, and environments they need?
Broad tools can turn a prompt mistake into a write or execution incident.
Authorized environments · educational checklist
Review tool permissions, prompt injection, secrets, approvals, human review, audit trails, MCP and skills supply chains, and network egress.
Reference framing: doneyli/ai-agent-security-audit five-phase checklist and OWASP Agentic Skills Top 10. This page is independent and non-official.
Step 1 · answer the controls
Tool permissions
Broad tools can turn a prompt mistake into a write or execution incident.
Prompt injection
Agent inputs can contain instructions that conflict with the operator's intent.
Secrets & data exfiltration
Agent traces can become a second data-exfiltration surface.
Approvals
A useful agent still needs a clear boundary for consequential actions.
Human review
Automation should not silently become an authority for security, finance, or compliance decisions.
Audit trail
Without an audit trail, debugging and accountability are guesswork.
MCP / skills supply chain
Third-party agent extensions can change permissions and behavior over time.
Network egress
Uncontrolled egress can leak context or allow an agent to reach an unsafe service.
Related developer tools
FAQ
No. This is an independent educational checklist. It is informed by common agent security control areas and should be reviewed by a qualified security owner.
No. It cannot certify a system, prove compliance, or replace threat modeling, code review, penetration testing, or a formal audit.
Stop expanding permissions, document the gaps, assign an owner, add approval and logging controls, then test the workflow again in an authorized environment.
No. Answers and report generation stay in the browser. Avoid pasting secrets into any form.