MCP Server and AI Agent Tool-Call Risk Checklist

A no-login launch screen for one agent workflow that can call tools, read untrusted context, use memory, browse pages, edit files, or trigger customer-visible actions.

Ten checks before an MCP or tool-using agent ships

1. Tool Boundary: List every tool the agent can call and the exact actions each tool can take.

2. Permission Scope: Confirm service accounts, delegated users, and API permissions are limited to the one workflow.

3. Untrusted Context: Treat pages, tickets, docs, comments, emails, and tool output as data, not instructions.

4. Human Approval: Require approval before sends, posts, charges, writes, deletes, external calls, or user-visible changes.

5. Memory: Define what can persist, who can change it, and how poisoned context is removed.

6. Browser Actions: Keep browser automation away from account, payment, payout, tax, identity, and credential pages.

7. Logs and Traces: Check whether prompts, tool-call traces, endpoint names, schemas, or errors reveal private internals.

8. Stop Rules: Write down what the agent must never do, plus the escalation path for uncertainty.

9. Rollback: Make sure there is a fast disable switch, owner, and recovery plan before launch.

Launch Signal: If two or more answers are unclear, pause and tighten the workflow before increasing autonomy.
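As an added example (not code from the launch pack or this page), here is a small Python policy gate that sits between the model and the MCP tool layer and enforces checks 1, 2, 4, 6 and 7 above: an explicit tool/action manifest, a host scope for the one workflow, a human-approval flag that the model cannot set, a block on browser actions against sensitive pages, and redaction of secrets before a trace line is stored. The tool names, actions, hosts, URLs and secret-field names are constructed for the illustration.

```python
"""Tool-call policy gate for an MCP-style agent (constructed example)."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Check 1 (Tool Boundary): every tool and the exact actions it may take.
# Check 4 (Human Approval): True marks an action as side-effecting, so it
# is held for a human unless the call already carries an approval.
# Tool and action names are hypothetical; build the manifest per workflow.
TOOL_MANIFEST = {
    "ticket_reader": {"read": False, "search": False},
    "ticket_writer": {"comment": True, "close": True},
    "browser": {"open": False, "click": True, "type": True},
}

# Check 2 (Permission Scope): the only hosts this workflow is allowed to reach (constructed).
ALLOWED_HOSTS = {"support.example.test"}

# Check 6 (Browser Actions): path words the browser tool may never act on.
BLOCKED_PATH_WORDS = ("account", "payment", "payout", "tax",
                      "identity", "credential", "login", "password")

# Check 7 (Logs and Traces): secret-bearing fields to strip before storing a trace.
_SECRET_RE = re.compile(r"(?i)(api[_-]?key|token|cookie|authorization)\s*[:=]\s*\S+")


@dataclass
class ToolCall:
    tool: str
    action: str
    args: dict = field(default_factory=dict)
    # Set only by the human-approval step; model output never reaches this field.
    approved: bool = False


@dataclass
class Decision:
    verdict: str   # "allow", "deny" or "needs_approval"
    reason: str


def evaluate(call: ToolCall) -> Decision:
    """Decide whether a proposed tool call may run, in checklist order."""
    actions = TOOL_MANIFEST.get(call.tool)
    if actions is None:
        return Decision("deny", f"tool {call.tool!r} is not in the manifest")
    if call.action not in actions:
        return Decision("deny", f"action {call.action!r} is not allowed for {call.tool!r}")

    url = call.args.get("url")
    if url is not None:
        parsed = urlparse(url)
        # Hostname is None for schemes like javascript: or data:, which also fail here.
        if parsed.hostname not in ALLOWED_HOSTS:
            return Decision("deny", f"host {parsed.hostname!r} is outside the workflow scope")
        if any(word in parsed.path.lower() for word in BLOCKED_PATH_WORDS):
            return Decision("deny", "browser actions on sensitive pages are blocked")

    if actions[call.action] and not call.approved:
        return Decision("needs_approval", f"{call.tool}.{call.action} is side-effecting")
    return Decision("allow", "within tool boundary and scope")


def redact_trace(line: str) -> str:
    """Replace secret values in a trace line with a placeholder, keeping the field name."""
    return _SECRET_RE.sub(lambda m: f"{m.group(1)}=<redacted>", line)


def trace_line(call: ToolCall, decision: Decision) -> str:
    """Render a call and its verdict for the audit log with secrets removed."""
    raw_args = " ".join(f"{k}={v}" for k, v in call.args.items())
    return redact_trace(f"{call.tool}.{call.action} {decision.verdict} {raw_args}".rstrip())


if __name__ == "__main__":
    for c in (
        ToolCall("ticket_reader", "read", {"id": "42"}),
        ToolCall("ticket_writer", "comment", {"id": "42", "token": "secret-123"}),
        ToolCall("browser", "open", {"url": "https://support.example.test/account/payout"}),
        ToolCall("shell", "run", {"cmd": "ls"}),
    ):
        print(trace_line(c, evaluate(c)))
```

The gate is deliberately deny-by-default: anything not in the manifest is refused, and an approval can only be attached by the human step that constructs the call, which keeps check 3 honest because no instruction found in a page or tool output can flip the flag.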

What to prepare safely

What not to paste into any intake

Do not send secrets, credentials, API keys, session cookies, card or bank details, private payment pages, customer records, private handles, full names, full transaction IDs, or private dashboard screenshots.

Need the working files?

The AI Agent Launch Pack includes the local app, safe-intake builder, checklist materials, templates, and fictional sample report. The optional 24-hour review is still limited to one workflow.
