1

    agent-permission-boundary-audit

    by Roy Yuen

    Automated governance and risk audit for AI agent tool permissions and authentication boundaries.

    Updated Apr 2026
    Security scanned
    One-time purchase

    $5

    One-time purchase · Own forever

    Included in download

    • Identify over-privileged tools and risky credential models in agent pilots.
    • Generate compliance-ready Markdown and JSON audit reports for stakeholders.
    • Includes example output and usage patterns
    • Instant install
    • One-time purchase

    See it in action

    Finding: Over-broad scope in 'SupportAgent'
Tool: 'db_delete'
Risk: High - No human-in-the-loop approval found in policy.md for destructive actions.
Hardening: Implement a mandatory approval gate for the 'delete' scope in connector-config.json.

    About This Skill

    What it does

    This skill provides a comprehensive security and governance audit for AI agent systems. It analyzes tool inventories, authentication models, connector scopes, and execution logs to identify over-privileged tools and risky permission combinations.

    Why use this skill

    Manual security reviews for LLM agents are prone to oversight, especially when tracking complex tool-calling boundaries. This skill automates the detection of "Shadow AI" risks and governance gaps by mapping your agent's actual capabilities against your defined security policies. It goes beyond simple prompting by cross-referencing multi-source evidence—including run logs and credential models—to ensure your safety guardrails are actually effective.

    Supported Tools

    The skill integrates with standard development environments using Python and PowerShell. It consumes JSON-based tool inventories, auth configurations, and policy documentation to generate machine-readable JSON audits and client-ready Markdown reports.

    The Output

    You receive a detailed privilege matrix and structured hardening plan. Findings are categorized by severity and tied directly to specific tool metadata or policy violations, providing a clear roadmap for securing your agent pilots.

    Use Cases

    • Identify over-privileged tools and risky credential models in agent pilots.
    • Generate compliance-ready Markdown and JSON audit reports for stakeholders.
    • Map agent tool capabilities against corporate security policy documentation.
    • Detect missing human-in-the-loop escalation paths for sensitive actions.

    Reviews

    No reviews yet — be the first to share your experience.

    Only users who have downloaded or purchased this skill can leave a review.

    Security Scanned

    Passed automated security review

    Permissions

    No special permissions declared or detected

    Tags

    security
    governance
    audit
    devops
    ai-safety

    Creator

    Roy Yuen

    Frequently Asked Questions

    Learn More About AI Agent Skills

    Similar Skills

    code-reviewer

    Reviews your code for bugs, security vulnerabilities, logic errors, performance issues, and style violations. Organizes findings by severity and suggests fixes with code examples.

    Free59 installs

    git-commit-writer

    Writes conventional commit messages by analyzing your staged git changes. Detects commit type, scope, and breaking changes automatically.

    Free46 installs

    env-doctor

    Diagnoses why your project will not start. Checks runtime versions, dependencies, environment variables, databases, ports, and build artifacts systematically.

    Free25 installs

    prompt-engineer

    Professional prompt engineering patterns for building robust, secure, and production-ready LLM applications.

    Free12 installs

    $5

    One-time