Skill Being Reviewed
skills/ai-security/agent-security
Review Focus
The skill is strong on least privilege, tool registration breadth, human approval, audit trails, multi-agent boundaries, and rollback. The gap I found is durable security state across long-running workflows: denied actions, active constraints, risk scores, budget state, and prior human decisions need to persist outside the model context; otherwise a long-horizon agent can "forget" controls after context compaction, retries, or subagent handoff.
Coverage Gap
Please add an explicit review check for persistent security-state and sequence-aware tool control:
- Security decisions such as denied tools, approval scope, approval expiry, and risk escalations should be stored in deterministic workflow state, not only in prompt/context memory.
- Tool calls should be evaluated as sequences, not just individual requests. A read -> transform -> exfiltrate chain may be dangerous even when each single tool call looks benign.
- Subagent delegation should inherit active constraints and prior denials, with evidence that the child agent cannot reset or narrow the audit trail.
- Context-window rollover, session resume, retry, and crash recovery should preserve security-relevant state.
- Human approvals should bind to exact action class, resource, parameters, expiry, and actor chain.
False Positive Analysis
Not every long-running agent needs heavyweight state. A read-only summarizer with no side-effect tools may be fine with lightweight session logs. The finding should trigger when the agent can write files, call external APIs, deploy code, spend money, access secrets, or delegate to other tool-using agents.
Edge Cases
- A denied tool call may reappear later through another agent or a semantically equivalent tool name.
- A human approval for "deploy staging" should not authorize "deploy production" after a route or environment rename.
- Replayed workflow resumes should not reuse stale approvals after incident response or key rotation.
- Audit trails should record policy decision inputs, not only model narration.
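The following is an added illustration written for this review, not code from the reviewed skill. It shows one way the Coverage Gap items and the Edge Cases above can be checked mechanically: security state (denials, approvals, epoch, call history, audit trail) lives in a serialisable object outside the model context, tool names are canonicalised so a denial survives an alias, approvals bind to exact action, resource, parameters, actor lineage, expiry and a security epoch that incident response bumps, a read -> exfiltrate chain is caught across calls, a child agent inherits denials and history and shares the append-only audit list, and a resume from the serialised blob keeps the denial. All names (SecurityState, Approval, check_call, the alias table, tool names, the scenario in demo) are assumptions made for this example.

```python
"""Hypothetical durable security state for a tool-using agent (added example,
not the reviewed skill's own code; all names and tool tables are assumptions)."""
from __future__ import annotations
import json
from dataclasses import dataclass, field

# Assumed alias table: a denial on "send_external" must also cover its aliases,
# so a denied action cannot reappear later under an equivalent tool name.
TOOL_ALIASES = {"http_post": "send_external", "upload": "send_external"}
SENSITIVE_READS = {"read_secret", "read_file"}
EXFIL_TOOLS = {"send_external"}
NEEDS_APPROVAL = {"deploy", "spend"}


def canonical(tool: str) -> str:
    return TOOL_ALIASES.get(tool, tool)


@dataclass
class Approval:
    action: str       # exact action class, e.g. "deploy"
    resource: str     # exact resource, e.g. "env:staging" (not a route name)
    params: dict      # exact parameters the human saw
    lineage: tuple    # actor chain the approval was granted to
    expires_at: int   # unix time
    epoch: int        # security epoch at grant time


@dataclass
class SecurityState:
    """Workflow state kept outside the model context; JSON-serialisable."""
    epoch: int = 0
    lineage: tuple = ("root",)
    denied: set = field(default_factory=set)
    approvals: list = field(default_factory=list)
    history: list = field(default_factory=list)  # canonical calls allowed so far
    audit: list = field(default_factory=list)    # append-only decision records

    def deny(self, tool: str) -> None:
        self.denied.add(canonical(tool))

    def rotate_epoch(self) -> None:
        """Incident response / key rotation: every prior approval goes stale."""
        self.epoch += 1

    def spawn_child(self, name: str) -> "SecurityState":
        """Child inherits denials, epoch and history and shares the audit list,
        so it cannot reset or narrow the trail. Approvals are lineage-bound."""
        return SecurityState(self.epoch, self.lineage + (name,), set(self.denied),
                             [], list(self.history), self.audit)

    def dump(self) -> str:
        return json.dumps({"epoch": self.epoch, "lineage": self.lineage,
                           "denied": sorted(self.denied),
                           "approvals": [a.__dict__ for a in self.approvals],
                           "history": self.history, "audit": self.audit})

    @classmethod
    def load(cls, blob: str) -> "SecurityState":
        d = json.loads(blob)
        apps = [Approval(**{**a, "lineage": tuple(a["lineage"])}) for a in d["approvals"]]
        return cls(d["epoch"], tuple(d["lineage"]), set(d["denied"]), apps,
                   d["history"], d["audit"])

    def _approved(self, tool, resource, params, now) -> bool:
        return any(a.action == tool and a.resource == resource and a.params == params
                   and a.lineage == self.lineage and a.epoch == self.epoch
                   and a.expires_at > now for a in self.approvals)

    def check_call(self, tool, resource, params, now):
        """Evaluate one proposed call against durable state and call history."""
        t = canonical(tool)
        if t in self.denied:
            verdict = (False, "denied tool")
        elif t in EXFIL_TOOLS and any(h in SENSITIVE_READS for h in self.history):
            verdict = (False, "read->exfiltrate chain")
        elif t in NEEDS_APPROVAL and not self._approved(t, resource, params, now):
            verdict = (False, "no matching approval")
        else:
            verdict = (True, "allowed")
        # Record the policy decision inputs, not the model's narration.
        self.audit.append({"tool": tool, "canonical": t, "resource": resource,
                           "params": params, "lineage": self.lineage,
                           "epoch": self.epoch, "allowed": verdict[0],
                           "reason": verdict[1]})
        if verdict[0]:
            self.history.append(t)
        return verdict


def demo() -> dict:
    """Constructed scenario walking through the edge cases listed above."""
    s = SecurityState()
    s.deny("send_external")
    s.approvals.append(Approval("deploy", "env:staging", {"ref": "abc123"}, ("root",), 2000, 0))
    out = {"alias_bypass": s.check_call("upload", "bucket", {}, 1000),
           "staging": s.check_call("deploy", "env:staging", {"ref": "abc123"}, 1000),
           "prod": s.check_call("deploy", "env:production", {"ref": "abc123"}, 1000)}
    child = s.spawn_child("worker")  # approval does not transfer to the child lineage
    out["child_reuse"] = child.check_call("deploy", "env:staging", {"ref": "abc123"}, 1000)
    resumed = SecurityState.load(s.dump())  # crash / context rollover: denial survives
    out["resume_denied"] = resumed.check_call("http_post", "x", {}, 1000)
    resumed.rotate_epoch()  # after incident response the old approval is stale
    out["stale_after_rotation"] = resumed.check_call("deploy", "env:staging", {"ref": "abc123"}, 1000)
    s2 = SecurityState()  # sequence check: benign read, then an undenied exfil tool
    s2.check_call("read_secret", "db_password", {}, 1000)
    out["chain"] = s2.check_call("send_external", "https://example.invalid", {}, 1000)
    out["audit_entries"] = len(s.audit)  # includes the child's call via the shared list
    return out
```

Usage: call demo() and inspect the verdicts; in a real workflow engine the dump()/load() pair would sit on the durable store the orchestrator already uses, and check_call would run as a deterministic gate in front of every tool dispatch, including those issued by subagents.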
Suggested Acceptance Criteria
- Add a "persistent security state" check to the agent architecture review.
- Add sequence-aware tool-call review examples.
- Require approval evidence to include scope, parameters, actor chain, and expiry.
- Require context rollover/resume tests for high-impact agents.
Bounty Info
This is submitted as a skill review bounty claim. Preferred payout: PayPal samik4184@gmail.com.