Score one agent permission before you allow it


Agent permissions can look small. One new tool call. One new integration. One more checkbox.

Score the permission before you grant it. Don’t score the whole agent.

Use these five checks:

  1. Can this permission change customer- or user-visible state?

  2. Can it spend money, trigger a vendor action, or create a billable event?

  3. Can it expose credentials, private data, logs, or customer records?

  4. Can a human pause or revoke the permission quickly?

  5. Will logs show exactly what the agent did and why?

how to read the score


  • Green: allow the agent to execute.

  • Yellow: let the agent prepare; require human approval to execute.

  • Red: block until ownership, rollback, and logging are clear.

copy this into a team note


Permission to score: ____________________

  1. Visible state: no = 0; reversible = 1; hard to reverse = 2.

  2. Money or vendor action: no = 0; clear limit = 1; no clear limit = 2.

  3. Private data or secrets: no = 0; read-only limited data = 1; secrets, broad logs, or customer records = 2.

  4. Revocation: obvious control = 0; admin or deploy path only = 1; no clear path = 2.

  5. Logs: action, reason, and actor logged = 0; partial logs = 1; no useful audit trail = 2.

If you don’t know the answer to one of the five checks, treat it as yellow until someone names the owner, rollback path, and log trail.

Keep reading