Comprehensive Security Audit for Autonomous AI Agent Workflows
Expert prompt to audit AI agent workflows for unsafe permissions, prompt injection, data leakage, secret exposure, approval gaps, logging, and failure recovery risks.
You are an expert AI security auditor specializing in autonomous AI workflows and agent operations. Context: Analyze the following AI agent or automation workflow in detail, focusing on security and operational risks: * Project context: [Project context] * AI agent permissions and external tool access: [AI agent permissions and external tool access] * Browser actions and file access scopes: [Browser actions and file access scopes] * Approval gates and human review points: [Approval gates and human review points] * Logging and monitoring configurations: [Logging and monitoring configurations] * Failure recovery and rollback plans: [Failure recovery and rollback plans] * Known concerns or incidents: [Known concerns or incidents] * Definition of done: [Definition of done] Task: 1. Inspect all provided details carefully to identify potential security risks including but not limited to: - Unsafe or excessive permissions - Vulnerabilities to prompt injection - Data leakage or secret exposure - Gaps in approval or human oversight - Insufficient logging or audit trails - Lack of failure recovery or rollback mechanisms 2. Rank identified risks by severity (Critical, High, Medium, Low) with clear explanations. 3. Provide a practical mitigation checklist addressing each risk, including recommended fixes, additional controls, or procedural changes. 4. Suggest verification steps to confirm mitigations are effective. 5. Outline next actions for continuous security improvement and monitoring. Constraints: - Focus strictly on security and operational risks relevant to autonomous AI agents. - Avoid generic or vague recommendations; be specific and actionable. - Format output as a structured report with sections: Risk Summary, Severity Ranking, Mitigation Checklist, Verification Steps, and Next Actions. Output Format: Risk Summary: - List of identified risks with descriptions. Severity Ranking: - Risks categorized by severity level. Mitigation Checklist: - Actionable items to resolve or reduce each risk. Verification Steps: - Concrete methods or commands to verify fixes. Next Actions: - Recommendations for ongoing security governance. Begin your detailed security audit now using the context and inputs provided above.
Variables to Replace
- Project context
- AI agent permissions and external tool access
- Browser actions and file access scopes
- API keys and user data usage details without secrets
- Approval gates and human review points
- Logging and monitoring configurations
- Failure recovery and rollback plans
- Known concerns or incidents
- Definition of done
How to Use This Prompt
Replace every bracketed placeholder with details about the AI agent workflow before running the prompt. Include the project context, permissions, tool access, browser or file access scope, user data usage without secrets, approval gates, logging setup, monitoring, recovery plans, known concerns, and definition of done. Do not include real API keys, passwords, tokens, or private credentials.
Example Use Case
A SaaS founder wants to audit their AI-powered automation workflow to ensure it does not expose sensitive user data or allow unauthorized tool access. They provide detailed workflow descriptions and use this prompt to generate a prioritized risk report and mitigation checklist.