AGENT_TOOL_ALLOWLIST
Verify AI agents have explicit tool allowlists, argument validation on tool inputs, and sandboxing for tool execution.
Framework Mappings
AIUC-1 D003 — Restrict Unsafe Tool Calls
OWASP Agentic ASI02 — Tool Misuse and Exploitation
Agent Frameworks Scanned
Claude Code, LangChain, CrewAI, AutoGen, MCP
Evaluation Facets
01
Explicit Tool Allowlist
Required
Weight: 0.35
Pass: Allowlist of permitted tools defined — agents can only invoke listed tools
Partial: Allowlist exists but includes broad categories
Fail: No allowlist — all tools available by default
02
Argument Validation
Weight: 0.25
Pass: All tools have input validation schemas
Partial: Some tools have validation but coverage is incomplete
Fail: No input validation on tool arguments
03
Execution Sandboxing
Weight: 0.25
Pass: Tools run in an isolated sandbox with limited access
Partial: Some tools sandboxed, others run in host context
Fail: Tools run in host context with full system access
04
Sensitive Operation Gating
Weight: 0.15
Pass: Destructive operations require additional approval
Fail: No distinction between safe and dangerous tools
Remediation Steps
1. Define an explicit tool allowlist in agent configuration
2. Add input validation schemas for all tools
3. Run tool execution in sandboxed containers
4. Classify tools by risk level and gate destructive operations behind approval workflows
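As an added example (not code from the Brigs page or from any of the scanned frameworks), a minimal Python tool-dispatch gate that implements remediation steps 1, 2 and 4: an explicit allowlist, per-argument schema and validator checks, and approval gating for destructive tools. Step 3 (sandboxing) belongs to the container runtime and is not shown; the names ToolSpec, dispatch, try_dispatch and the two sample file tools are assumed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Any, Callable
@dataclass
class ToolSpec:
    func: Callable[..., Any]
    schema: dict[str, type]          # argument name -> expected type
    validators: dict[str, Callable[[Any], bool]] = field(default_factory=dict)
    destructive: bool = False        # needs explicit approval when True
class ToolPolicyError(Exception):
    pass  # raised when the allowlist, validation or approval gate refuses a call
# Sample tools, constructed for this example; neither touches the real filesystem.
def read_file(path: str) -> str:
    return f"<contents of {path}>"
def delete_file(path: str) -> str:
    return f"deleted {path}"
# Argument validator: conservative path characters only, no parent-directory segments.
SAFE_PATH = re.compile(r"^[A-Za-z0-9_./-]+$")
def safe_path(p: str) -> bool:
    return bool(SAFE_PATH.match(p)) and ".." not in p
# Explicit allowlist: a tool name absent from this dict cannot be invoked at all.
ALLOWLIST: dict[str, ToolSpec] = {
    "read_file": ToolSpec(read_file, {"path": str}, {"path": safe_path}),
    "delete_file": ToolSpec(delete_file, {"path": str}, {"path": safe_path}, destructive=True),
}

def dispatch(name: str, args: dict[str, Any], approved: bool = False) -> Any:
    """Run a tool only if allowlisted, arguments validate, and destructive tools were approved
    out-of-band (the approved flag must come from a human/workflow, never from model output)."""
    spec = ALLOWLIST.get(name)
    if spec is None:
        raise ToolPolicyError(f"tool not allowlisted: {name}")
    if set(args) != set(spec.schema):
        raise ToolPolicyError(f"unexpected or missing arguments for {name}")
    for key, expected in spec.schema.items():
        if not isinstance(args[key], expected):
            raise ToolPolicyError(f"{name}.{key}: expected {expected.__name__}")
        check = spec.validators.get(key)
        if check is not None and not check(args[key]):
            raise ToolPolicyError(f"{name}.{key}: value rejected by validator")
    if spec.destructive and not approved:
        raise ToolPolicyError(f"{name} is destructive and requires approval")
    return spec.func(**args)

def try_dispatch(name: str, args: dict[str, Any], approved: bool = False) -> tuple[bool, str]:
    """Convenience wrapper returning (True, result) or (False, refusal reason)."""
    try:
        return True, str(dispatch(name, args, approved))
    except ToolPolicyError as exc:
        return False, str(exc)
```

A model-proposed call that names an unlisted tool, passes an extra or mistyped argument, or targets a destructive tool without an approval flag is refused before any function runs.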
Evaluate this control automatically
Connect your repos and Brigs evaluates AGENT_TOOL_ALLOWLIST across all your agent configurations.