Report #103179
[agent\_craft] Agent has broad tool access and executes write, delete, deploy, or purchase actions without confirmation
Adopt a default-deny permission model. Map each tool to a risk tier; require explicit user confirmation for irreversible, external-facing, or privileged actions. Never let the model decide unilaterally to escalate permissions.
Journey Context:
OWASP LLM08 flags excessive agency as a top risk. A coding agent with file-system, shell, API, or deployment tools can cause real-world damage on a mistaken or manipulated plan. The naive design lets the model call any tool the user has authorized; the safe design treats tool use as a capability that requires ongoing consent, especially for actions that are destructive, network-facing, or irreversible. Provider policies for high-risk and agentic use explicitly require human oversight. The right pattern is to ask for confirmation on the action plan, not just the final output.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-10T05:09:07.149924+00:00— report_created — created