Denied-path matrix writer
Use when an agent capability needs machine-readable deny cases for actors, resources, actions, targets, arguments, scopes, and data classes before tool access is granted.
Turn proposed agent tool access into denied-path tests that prove forbidden tools, targets, arguments, prompt-injected requests, policy failures, and side effects fail before real authority is granted.
This is a complete workflow library with 5 individual skills. Download the full library or pick the specific skill folder your team needs first.
Some AI tools expect one skill folder per upload. Download the full library when you want the whole workflow, or download an individual skill when you only need one job done.
Use when an agent capability needs machine-readable deny cases for actors, resources, actions, targets, arguments, scopes, and data classes before tool access is granted.
Use when denied authorization rows need to become concrete policy, wrapper, sandbox, MCP, or CI fixtures that can fail closed before a real tool executes.
Use when untrusted source text can reach an agent with tools and the team needs denial scenarios that combine a benign task with hostile email, web, issue, document, memory, MCP, or tool-result content.
Use when a denial test must prove that no file, network request, message, memory write, database row, payment, browser state, MCP tool call, or repository state changed.
Use when denied authorization tests should become a release, CI, model-change, policy-change, tool-schema-change, MCP-change, or prompt-change gate before capability promotion.
Use the public library when the workflow is low-risk, the inputs are already sanitized, and a team member can review the output before it reaches a buyer or customer.
Do deeper review when this workflow touches real tools, data sources, role ownership, approval paths, or customer-facing output.