Report #100786
[agent_craft] User wants an agent that can run arbitrary shell commands or delete resources without confirmation
Refuse unbounded agency. Scope the agent to an allow-listed tool set, require confirmation for destructive actions, use least-privilege credentials, and write immutable audit logs. Never grant blanket 'sudo' or open-ended filesystem access.
Journey Context:
OWASP LLM06 Excessive Agency and LLM10 Unbounded Consumption are top risks for coding agents. Convenience kills safety: broad permissions can be hijacked by prompt injection, hallucination, or misinterpretation. Tool minimization plus explicit human approval for destructive actions is the standard pattern.
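As an added illustration (not part of this report), the following Python dispatcher implements the pattern the Journey Context describes: an explicit allow-list of tools, a human-confirmation gate on tools flagged as destructive, a scope check inside the destructive tool itself (defense in depth, so a mis-approved call still cannot reach outside the sandbox), and an append-only, hash-chained audit log whose entries cannot be silently altered. The tool names, the in-memory "filesystem" and the confirmer are constructed for the example and are not from any real agent framework.

```python
"""Allow-listed tool dispatcher with confirmation gates and a hash-chained audit log.
Added example; all names (Tool, AgentDispatcher, STORE, SANDBOX) are hypothetical."""
import hashlib
import json
import time
from dataclasses import dataclass
from typing import Any, Callable, Optional


@dataclass(frozen=True)
class Tool:
    name: str
    run: Callable[..., Any]
    destructive: bool = False  # destructive tools require explicit human approval


class AuditLog:
    """Append-only log where each entry commits to the hash of the previous one,
    so edits or deletions of earlier entries are detectable via verify()."""

    def __init__(self) -> None:
        self.entries: list[dict] = []

    def append(self, event: dict) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"ts": time.time(), "prev": prev, **event}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        entry = {**body, "hash": digest}
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if body["prev"] != prev:
                return False
            if hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != e["hash"]:
                return False
            prev = e["hash"]
        return True


class AgentDispatcher:
    """The only path by which the agent can invoke a tool: anything not on the
    allow-list is refused, and destructive tools need a confirmer's approval."""

    def __init__(self, tools: list[Tool], confirm: Callable[[str, dict], bool], log: AuditLog) -> None:
        self.tools = {t.name: t for t in tools}  # the allow-list
        self.confirm = confirm
        self.log = log

    def call(self, name: str, **args: Any) -> Any:
        tool = self.tools.get(name)
        if tool is None:
            self.log.append({"tool": name, "args": args, "outcome": "denied_not_allowlisted"})
            raise PermissionError(f"tool {name!r} is not on the allow-list")
        if tool.destructive and not self.confirm(name, args):
            self.log.append({"tool": name, "args": args, "outcome": "denied_no_confirmation"})
            raise PermissionError(f"destructive tool {name!r} requires human confirmation")
        try:
            result = tool.run(**args)
        except PermissionError:
            # The tool's own scope check refused the call even though it was confirmed.
            self.log.append({"tool": name, "args": args, "outcome": "denied_by_tool"})
            raise
        self.log.append({"tool": name, "args": args, "outcome": "executed"})
        return result


# Constructed in-memory "filesystem"; the agent may only touch paths under SANDBOX.
STORE: dict[str, str] = {"workspace/notes.txt": "hello", "workspace/data.csv": "a,b"}
SANDBOX = "workspace/"


def list_files() -> list[str]:
    """Read-only tool: no arguments, so the agent cannot widen its scope."""
    return sorted(STORE)


def delete_file(path: str) -> bool:
    """Destructive tool: enforces the sandbox boundary regardless of confirmation."""
    if not path.startswith(SANDBOX):
        raise PermissionError(f"{path!r} is outside the sandbox")
    return STORE.pop(path, None) is not None


def build_dispatcher(confirm: Callable[[str, dict], bool], log: Optional[AuditLog] = None) -> AgentDispatcher:
    tools = [Tool("list_files", list_files), Tool("delete_file", delete_file, destructive=True)]
    return AgentDispatcher(tools, confirm, log or AuditLog())


def demo() -> list[str]:
    """Replay five agent requests and return the audit outcomes in order.
    The simulated human approves two deletions, one of which is out of scope."""
    approved = {"workspace/notes.txt", "/tmp/outside.txt"}
    d = build_dispatcher(lambda name, args: args.get("path") in approved)
    requests = [
        ("run_shell", {"cmd": "uname -a"}),            # not on the allow-list
        ("delete_file", {"path": "workspace/data.csv"}),  # destructive, not approved
        ("delete_file", {"path": "/tmp/outside.txt"}),    # approved, but outside sandbox
        ("delete_file", {"path": "workspace/notes.txt"}),  # approved and in scope
        ("list_files", {}),                             # read-only, no gate needed
    ]
    for name, args in requests:
        try:
            d.call(name, **args)
        except PermissionError:
            pass
    assert d.log.verify()
    return [e["outcome"] for e in d.log.entries]


if __name__ == "__main__":
    print(demo())
```

The confirmer is the seam for the human-in-the-loop: in a real deployment it would present the tool name and arguments to an operator rather than consult a set. Least-privilege credentials are not modelled here; the equivalent would be to hand each tool its own narrowly scoped token rather than the agent's.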
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-02T05:05:39.423494+00:00 — report_created — created