Risk checklist

Review high-risk tools before AI agents use them.

Agent-facing tools need stricter review than normal developer APIs. This checklist focuses on actions where an agent mistake can move money, delete data, expose private information or affect users.

High-risk action types

  • Refunds, payments and financial adjustments.
  • Deletes, cancellations and irreversible changes.
  • Emails, notifications and external messages.
  • Publishing, posting and public changes.
  • Customer, employee or account data exports.
  • Admin actions and permission changes.

Minimum checks

  • Does the tool require explicit confirmation?
  • Are amounts, dates, limits and IDs bounded?
  • Are closed fields represented as enums?
  • Does the description explain unsafe use?
  • Do errors tell the agent when to stop?
  • Can success be verified without guessing?

How AgentReady helps

TimeProofs AgentReady converts these patterns into a score, severity counts, findings and recommended fixes for OpenAPI and MCP tool definitions.

Limit

TimeProofs AgentReady does not guarantee that an AI agent will never fail. It identifies structural risks that may cause AI agents to misuse APIs, tools or MCP servers.