Skip to main content
Back to Skill Library
Agent governance workflow library

Negative Authorization Test Review

Turn proposed agent tool access into denied-path tests that prove forbidden tools, targets, arguments, prompt-injected requests, policy failures, and side effects fail before real authority is granted.

This is a complete workflow library with 5 individual skills. Download the full library or pick the specific skill folder your team needs first.

Individual skills in this library

Use one skill at a time, or keep the full workflow together.

Some AI tools expect one skill folder per upload. Download the full library when you want the whole workflow, or download an individual skill when you only need one job done.

Skill 1

Denied-path matrix writer

Use when an agent capability needs machine-readable deny cases for actors, resources, actions, targets, arguments, scopes, and data classes before tool access is granted.

Skill 2

Tool policy fixture builder

Use when denied authorization rows need to become concrete policy, wrapper, sandbox, MCP, or CI fixtures that can fail closed before a real tool executes.

Skill 3

Prompt-injection denial scenario writer

Use when untrusted source text can reach an agent with tools and the team needs denial scenarios that combine a benign task with hostile email, web, issue, document, memory, MCP, or tool-result content.

Skill 4

Non-effect verification planner

Use when a denial test must prove that no file, network request, message, memory write, database row, payment, browser state, MCP tool call, or repository state changed.

Skill 5

Authorization regression gatekeeper

Use when denied authorization tests should become a release, CI, model-change, policy-change, tool-schema-change, MCP-change, or prompt-change gate before capability promotion.

Security fit check

Is the public Negative Authorization Test Review library enough, or does this need deeper review?

Use the public library when the workflow is low-risk, the inputs are already sanitized, and a team member can review the output before it reaches a buyer or customer.

Do deeper review when this workflow touches real tools, data sources, role ownership, approval paths, or customer-facing output.

Tool authorizationAI OperationsSecurityPlatform EngineeringTooling OwnerWorkflow Owner

Good deeper-review trigger signals

  • The workflow touches customer, prospect, CRM, proposal, security, pricing, or campaign data.
  • Different teams disagree on the approved source of truth.
  • The AI output could become customer-facing, revenue-impacting, or compliance-sensitive.
  • You need reusable eval checks before asking more people to use the workflow.