Authorized environments · educational checklist

AI agent security audit

Review tool permissions, prompt injection, secrets, approvals, human review, audit trails, MCP and skills supply chains, and network egress.

Independent and non-official. Use only for systems you own or are authorized to assess. This checklist does not provide a certification or guarantee of security.
Exact US 0Related terms 290Highest related 170Variants 11

Reference framing: doneyli/ai-agent-security-audit five-phase checklist and OWASP Agentic Skills Top 10. This page is independent and non-official.

Step 1 · answer the controls

Where is your agent workflow exposed?

01

Tool permissions

Are tools scoped to the minimum files, commands, and environments they need?

Broad tools can turn a prompt mistake into a write or execution incident.

02

Prompt injection

Do untrusted pages, issues, documents, and tool outputs stay clearly separated from instructions?

Agent inputs can contain instructions that conflict with the operator's intent.

03

Secrets & data exfiltration

Are secrets, personal data, and sensitive files blocked from prompts, logs, and tool arguments?

Agent traces can become a second data-exfiltration surface.

04

Approvals

Do risky writes, external messages, purchases, and deployments require a human approval?

A useful agent still needs a clear boundary for consequential actions.

05

Human review

Is there a named human reviewer for high-impact or irreversible outcomes?

Automation should not silently become an authority for security, finance, or compliance decisions.

06

Audit trail

Can you reconstruct prompts, tool calls, approvals, outputs, and actor identity after an incident?

Without an audit trail, debugging and accountability are guesswork.

07

MCP / skills supply chain

Are MCP servers, skills, packages, and instructions pinned and reviewed before use?

Third-party agent extensions can change permissions and behavior over time.

08

Network egress

Are outbound hosts, webhooks, and data destinations restricted and observable?

Uncontrolled egress can leak context or allow an agent to reach an unsafe service.

FAQ

Security tool questions

Is this an official OWASP or vendor audit?

No. This is an independent educational checklist. It is informed by common agent security control areas and should be reviewed by a qualified security owner.

Can this certify my AI agent?

No. It cannot certify a system, prove compliance, or replace threat modeling, code review, penetration testing, or a formal audit.

What should I do with a High result?

Stop expanding permissions, document the gaps, assign an owner, add approval and logging controls, then test the workflow again in an authorized environment.

Does the report upload prompts or secrets?

No. Answers and report generation stay in the browser. Avoid pasting secrets into any form.