Skill

multi-agent-trust

Detects insecure agent-to-agent calls in multi-agent LLM pipelines lacking authentication, scoped permissions, or message validation. Flags risks and provides Python fix examples with auth headers and checklists.

Python

security

ai-ml

npx claudepluginhub thejefflarson/soundcheck --plugin soundcheck

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Detects agent-to-agent calls that lack authentication, authorization, or permission

SKILL.md

Similar Skills

excessive-agency

Flags vulnerable patterns in autonomous LLM agents enabling irreversible actions without oversight. Suggests fixes like impact classification, tool allowlists, pre-dispatch auditing, and structured parameters for safe workflows.

soundcheck

agent-governance

29.8k

Implements governance patterns for AI agents: policy-based tool controls, intent classification, trust scoring, audit trails, rate limits. For LangChain, CrewAI, OpenAI Agents.

awesome-copilot-refactor

agent-governance

Implements hooks for permission control, blocking dangerous operations, and audit trails in custom Claude Code agents.

3 tools

tac

Stats

Stars13

Forks0

Last CommitApr 16, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Multi-Agent Trust Boundaries (LLM08:2025)

What this checks

Detects agent-to-agent calls that lack authentication, authorization, or permission scoping. When agents blindly trust messages from other agents, a compromised or malicious agent can hijack the entire pipeline.

Vulnerable patterns

requests.post("http://worker/run", json={"task": task}) — inter-agent call with no auth token
Worker agent initialized with the orchestrator's full API key and tool scope
Agent output passed directly as input to the next agent without schema validation
No verification that a message claiming to be from "agent-A" is actually from agent-A

Fix immediately

Auth between agents: require a shared secret or signed JWT on every agent-to-agent call, verified by the receiver before processing
Scope permissions down: each agent receives only the tools and credentials it needs — never the orchestrator's full set
Validate agent messages: treat messages from other agents like untrusted user input — validate schema, reject unexpected fields

# Orchestrator: include auth header on every inter-agent call
resp = requests.post(
    "http://worker/run",
    json={"task": task},
    headers={"Authorization": f"Bearer {AGENT_SECRET}"},
)

# Worker: reject calls missing a valid token
if request.headers.get("Authorization") != f"Bearer {AGENT_SECRET}":
    return jsonify({"error": "unauthorized"}), 401

Flag the vulnerable call site, explain the risk and the correct fix pattern, then continue with the original task.

Verification

For every outbound agent-to-agent call present, an auth header or signed token is attached
For every agent-to-agent receiver handler present, the auth token is verified before processing
Each agent is initialized with the minimum permissions needed for its task
For every response received from another agent, the payload is validated against a schema before use
No agent blindly executes instructions received from another agent

References

CWE-306 (Missing Authentication for Critical Function)
CWE-272 (Least Privilege Violation)
OWASP LLM08:2025 Excessive Agency
OWASP Agentic AI Top 10:2025