# Sample Agent Launch Pack Report This is a fictional sample showing the shape of the `$25` fixed-scope deliverable. It does not describe a real buyer, real customer records, private systems, or payment details. ## Example Workflow Product: `Example Support Agent` Launch stage: pre-launch pilot Workflow: An AI assistant reads support tickets, retrieves help-center snippets, drafts replies, and waits for a human support lead before sending anything externally. ## Overall Read High launch risk until tool permissions, logging, and prompt-injection tests are tightened. ## Top Priorities 1. **Scope tool permissions before pilot** - Severity: high - Why it matters: broad helpdesk, CRM, browser, or MCP permissions can turn a bad prompt or retrieved instruction into an external action. - Fix: limit connected tools to the pilot workflow, disable unused write actions, and require human approval before sends, deletes, refunds, or account changes. 2. **Reduce model-visible customer data** - Severity: high - Why it matters: support tickets can include personal data, credentials, billing context, or private customer history. - Fix: pass only the fields needed to draft the reply, mask sensitive fields, and keep real customer records out of testing examples. 3. **Test indirect prompt injection** - Severity: medium - Why it matters: tickets, documents, websites, and retrieved snippets can contain instructions that should be treated as data, not authority. - Fix: run a short test set where untrusted text tries to override policy, reveal prompts, call tools, or bypass human approval. ## Additional Findings - **Tool-call traces may reveal internal topology** - Review whether endpoint names, tool schemas, service names, or debug traces are visible to the model or end users. - **Memory and retrieval reset plan is unclear** - Define how poisoned or outdated documents can be removed from memory, vector search, uploaded files, or saved context. - **Compromised-agent recovery is not documented** - Add a kill switch, credential revocation steps, owner contact, and audit-log review procedure before launch. - **Launch acceptance tests are missing** - Create 10 to 20 representative prompts, expected outcomes, refusal cases, and high-impact action checks. ## Three Fixes Before Launch 1. Turn off all write-capable tools except the exact pilot actions and require human approval for every external action. 2. Add redaction/minimization before model calls and disable verbose prompt logging in production. 3. Run prompt-injection and tool-boundary tests against tickets, retrieved docs, websites, and tool outputs. ## Scope Limits This sample is a practical launch screen. It is not legal advice, compliance certification, penetration testing, incident response, or a guaranteed security approval.